In early October, the biotechnology company 23andMe announced a data leak impacting nearly one million users. The data was advertised on a cybercrime forum and contained some personally identifiable information exclusive to users who had been identified as having Ashkenazi Jewish ancestry. The VFC Cyber Intelligence Team has produced a highlight (also attached) covering password safety and offering steps on removing information that may be available online through data broker websites.
-VFC Shield
-All Sectors Bulletin-
23andMe Data Leak
VFC Highlight #23-26: 23andMe Data Leak and Online Safety Steps
On October 7, 2023, a data sample containing some personally identifiable information for nearly one million people with Ashkenazi Jewish ancestry was advertised for sale on a cybercrime forum, with prices ranging from $1.00 to $10.00 per line of data.
The information was not taken from 23andMe through a cyberattack against the company, but rather through the use of previously compromised credentials (usernames and passwords) from other websites that were reused for 23andMe accounts. Once the attacker gained access to an account, if the user had opted in to the 23andMe feature "DNA Relatives," the attacker had access to other users' genetic data matching that of the compromised account.
It is still unknown how much data was taken or exactly when, as 23andMe's investigation is ongoing. However, given the data available in the sample, there is a potential for someone to locate a compromised user offline by using publicly available information.
If there are any questions or concerns regarding this information, reach out to the Virginia Fusion Center at 804-674-2196.
To view this highlight in its entirety, click HERE.
- Tools and Resources -
23 & Me
Addressing Data Security Concerns - Guidance from 23 & me