The information of millions of 23andMe users was subsequently leaked again was hacked earlier this monthaccording to a report by TechCrunch Thursday. The hacker, who goes by the name “Golem” on several dark web forums, released user information on Tuesday containing records from over four million people.
“We are aware that the threat actor involved in this investigation has reportedly released additional customer DNA relative profile information,” a 23andMe spokesperson said via email.
The company that tells you about your family history is already here faced with lawsuits since the first data breach this month. The same hacker targeted users of Ashkenazi Jewish and Chinese descent, including high-profile celebrities such as Tesla CEO Elon Musk, Google co-founder Sergey Brin, and Meta CEO Mark Zuckerberg.
This time, the hacker claims to be targeting users whose ancestry is from the UK, including data from “the richest people living in the US and Western Europe.”
According to 23andMe, this current data breach is under investigation.
“We are currently reviewing the data to determine whether it is legitimate. Our investigation is ongoing and if we learn that a customer’s data was accessed without their authorization, we will notify them directly with further information,” 23andMe said.
Lawsuits related to the previous data breach alleged that 23andMe had inadequate digital safeguards and exposed customers to increased risk of fraud and identity theft.
“We believe threat actors were able to access specific accounts in cases where users reused their credentials – that is, usernames and passwords used on 23andMe.com were the same as those used on other sites that were previously hacked,” the company told Gizmodo in early October.
Particularly relevant in the first attack was a feature called “DNA Relatives,” which allowed users to see people whose genetic data matched their own. When enabled, this feature allows hackers to read data about a user’s DNA relatives, meaning one hacked account can lead to a network of hacked accounts that all share similar genetic backgrounds.