Connecticut Attorney General William Tong issued an inquiry letter to genetic testing and ancestry research company 23andMe Inc. regarding a data breach that reportedly exposed confidential data for more than five million users.
In early October, 23andMe issued a press release disclosing that customer profile information shared through the company’s DNA Relatives feature had been accessed without authorization. The data breach involved the names, sex, date of birth, geographical location and genetic ancestry results of the company’s clients, and it appeared the attack was specifically targeting individuals of Ashkenazi Jewish and Chinese heritage – with the pilfered data being made available across the dark web.
Tong noted that 23andMe has not submitted a data breach notification to his office, and his inquiry questioned if the company was in compliance with the Connecticut Data Privacy Act.
“The increased frequency of antisemitic and anti-Asian rhetoric and violence in recent years means that this may be a particularly dangerous time for such targeted genetic information to be released to the public,” said Tong. “23andMe is in the business of collecting and analyzing the most sensitive and irreplaceable information about individuals, their genetic code. This incident raises questions about the processes used by 23andMe to obtain consent from users, as well as the measures taken by 23andMe to protect the confidentiality of sensitive personal information.”
