The company confirmed that the sold data was authentic but insisted their systems had not been compromised.
The affected users had opted into 23andMe’s “DNA Relatives” feature, allowing the perpetrators to get data of their relative matches. This data, including full names, birth dates, locations, and genetic ancestry results, has considerable potential for misuse by identity thieves.
In response to the incident, 23andMe has recommended users enable two factor authentication and reset their passwords, especially if they believe their data could be at risk. The company, a significant player in the genetic testing market, also collaborates with GlaxoSmithKline, using customer’s test results to develop new medication.