23andMe is under scrutiny, with some experts calling this the start of the top for the favored genetic testing company. It's been a difficult 12 months for the saliva-based DNA testing brand, including a high-profile data breach and resignations from the corporate's board last month.
Users are wondering what's next – and whether their personal information (including their literal DNA) is secure.
Here's what we all know.
What happened to the 23andMe data breach?
In October 2023, 23andMe launched an investigation after a “threat actor” claimed to have obtained the non-public information of thousands and thousands of users.
As of December, the corporate confirmed through a filing with the Securities and Exchange Commission that a hacker had directly accessed 0.1% of its users' accounts, or about 14,000 profiles. Still, due to networks that individual users can construct that connect their information with other possible relatives, the hacker was in a position to view the data of thousands and thousands of users.
RELATED: 'I slept with my half-brother': One woman's horror story reflects the loosely regulated nature of the U.S. fertility industry
An organization spokesperson told news outlets on the time that 6.9 million people were affected: about 5.5 million customers who opted into 23andMe's DNA Relatives feature and 1.4 million users who opted in Family tree information was accessed.
Information retrieved included:
1. Display name, profile picture and 12 months of birth.
2. How long does it take for them to log in to their account?
3. Your relationship status.
4. Your self-reported location by city and zip code.
5. Predicted relationships with others.
6. DNA percentages that users share with their “DNA relatives”.
The company added that a further 1.4 million customers who used the DNA Relatives feature had their “Family Tree” profiles, which include a limited subset of profile data, accessed.
23andMe said on the time that the hacking activity had been contained and that existing users would want to reset their passwords and enable multifactor authentication for logins.
The matter led to a category motion lawsuit that was filed in January and settled this month.
Who is eligible for the 23andMe settlement money?
As a part of the settlement, 23andMe admitted no wrongdoing and agreed to pay $30 million to the affected parties, including as much as $10,000 to individuals who suffered significant losses because of this of the breach, for instance, through identity theft.
The settlement will impact the thousands and thousands of users whose data was affected by the leak. To qualify, an affected 23andMe user should have been a U.S. resident as of August 11, 2023.
At the time of publication, there is no such thing as a opportunity to submit a claim to take part in the settlement. According to Forbes, affected users might want to visit the 23andMe comparison website and enter their information because it becomes available. The website offers a web-based application form and a downloadable PDF version in case you prefer to submit by mail.
Why did your complete board resign?
23andMe's entire independent board resigned last month, a rare move within the business world that experts say signals a volatile situation.
The seven directors said in a letter to 23andMe co-founder and CEO Anne Wojcicki that they’d not received a confident plan for the corporate's future.
Wojcicki had previously expressed a desire to take 23andMe private, sparking concern amongst board members.
“While we continue to fully support the company's mission and firmly believe in the value of the personalized health and wellness offering you have outlined, it is also clear that we have different opinions regarding the company's strategic direction going forward,” it said it within the letter. “Because of this difference, and because of your concentrated voting power, we believe it is in the best interest of the company's shareholders that we resign from the board rather than enter into a protracted and distracting disagreement with you over the direction of the company.”
Wojcicki responded to the resignations with a staff memo expressing her “surprise” and disappointment on the board’s decision. She added that she still believes that privatizing 23andMe is one of the best option, but clarified that she is just not considering third-party takeover proposals.
Wojcicki said she is going to appoint latest directors to the board. She stays the one board member listed on the corporate's website.
Is 23andMe Safe to Use Now?
Experts say 23andMe users' data isn’t any more in danger today than ever before, but added that customers should read the corporate's privacy policies and take into consideration what data is obtainable and where they wish to share it.
Customers may consent to 23andMe sharing their anonymized genetic information with third-party firms for quite a lot of reasons, including medical research. Experts told CBS that this kind of data sharing can introduce vulnerabilities, but they will not be unique to 23andMe.
About 80% of 23andMe customers comply with take part in the corporate's research program, which has produced nearly 300 peer-reviewed publications on genetic insights into diseases, the corporate said.
Still, users became much more concerned when Eva Galperin, the director of cybersecurity on the Electronic Frontier Foundation, called attention to the corporate in a social media post.
“If you have a 23andme account, today is a good day to log in and request that your data be deleted,” she wrote on X.
How can I delete my data from 23andMe?
However, deleting an account doesn’t necessarily delete all of a user's associated personal information. The company plans to retain some genetic information and private data resembling gender, birthday, email address and account deletion request details, MIT Technology Review reported.
For users who’ve chosen to share anonymized genetic data with third parties, there is no such thing as a choice to delete the data or withdraw the info already shared.
Are there alternatives to 23andMe?
There are some privacy concerns with all online DNA testing services, but legal guidelines regulating personal data function a safeguard. For some users who want answers to health puzzles or want to search out missing links to their family trees, the trade-off is value it.
Because of 23andMe's uncertain future, review sites like The New York Times' Wirecutter have stopped recommending the service of their DNA testing summaries.
The reviews site recommends AncestryDNA and FamilyTreeDNA as alternatives.
___
©2024 The Philadelphia Inquirer, LLC. Visit at Inquirer.com. Distributed by Tribune Content Agency, LLC.
Originally published:
image credit : www.mercurynews.com