23 And Breach

TechCrunch reports that 23andMe confirms hackers stole ancestry data on 6.9 million users:

On Friday, genetic testing company 23andMe announced that hackers accessed the personal data of 0.1% of customers, or about 14,000 individuals. The company also said that by accessing those accounts, hackers were also able to access “a significant number of files containing profile information about other users’ ancestry.” But 23andMe would not say how many “other users” were impacted by the breach that the company initially disclosed in early October.

Prior to this announcement, after hack, 23andMe gives users 30 days to opt out of class-action waiver:

In the email, 23andMe told users that they had 30 days to notify the ancestry site that they disagree with the new terms. Otherwise, 23andMe users “will be deemed to have agreed to the new terms.”

Shady to the best. One can deduce they have something to lose in a class action.

I always thought the idea to give your DNA to a company was a bad idea. Even more if based in the US, since they have very little privacy protections and a swath of 3 letter agencies issuing warrants and subpoenas.

While DNA isn’t used for authentication (yet, unlike faces, and fingerprints) it’s still the Personally Identifiable Information with the most entropy.