Hackers have my DNA? If you used 23andMe.com for genetic testing there’s a good chance they do.
First the particulars. In early October the genetic testing company, 23andMe, admitted that it had been the victim of a data breach. That breach probably occurred in August, possibly even earlier. The company only became aware of the problem when user data was leaked in online forums.
Oops! Apparently, there really are no lifeguards at the gene pool.
If you are the credulous sort, you may believe what the suddenly attentive company now says about the loss. To paraphrase: “Not much to see here, folks.” According to 23andMe, the data breach did not include genetic data, just the usual account details (usernames, passwords, credit cards), and some details about genetic ancestry results. Possibly. Bear in mind, however, that the hackers stole over 300 Terabytes of data. That’s a lot of data. My guess is there is little user information that the thieves did not steal.
Of particular note in this case is the fact that, prior to the breach, 23andMe did not even require users to employ 2 factor authentication. One would think that requiring such a step would represent the bare minimum level of account protection. After all, we’re talking about users’ DNA profiles.
Then again, there are no federal laws protecting you if you use online genetic testing sites like 23andMe, HomeDNA, or Ancestry.com. Using such sites may be helpful in identifying possible disease risks or answering family history questions but using them brings with it other risks. Privacy risks. Your data may be accessible to law enforcement, insurers, and others. In this case those “others” included hackers.
Some might ask, “What can they do with my genetic data anyway?” More than you think. The hackers have already targeted 23andMe users of Ashkenazi Jewish and of Chinese ancestries. A 23andMe spokesperson admitted that the targeted groups could well include people with just 1% (Jewish or Chinese) ancestry. Harassment. Racial profiling. Discrimination. Worse.
So, think twice this holiday season before showing up at the family gathering with your newly acquired genetic testing profile. You may be sharing family DNA data with an audience that reaches far beyond those attending the party.
Peter has spent the past twenty-plus years as an acting/consulting CFO for a number of small businesses in a wide range of industries. Peter’s prior experience is that of a serial entrepreneur, managing various start-up and turnaround projects. He is a co-founder of Keurig.
