Last year, a hacker claimed it was selling account details stolen from genetic testing service, 23andMe. The information was accessed during a mass privacy breach when an attacker took username and password combinations from previous breaches and used them to access 23andMe accounts. Once in, they gathered all the information they could.
The stolen data includes:
- Names
- Birth years
- Sex
- Some genetic ancestry results
No genetic data was compromised.
Cybercriminals frequently leverage stolen data to perpetrate various forms of fraud, scams, and identity theft against unsuspecting individuals. So if you are involved in the 23andMe data breach, you should be vigilant.
Here are some steps you can take to safeguard your privacy and minimise the potential risks:
- Change your passwords. If you haven’t already done so, change the password for your 23andMe account and any other accounts that share the same or similar passwords. Choose strong, unique passwords that are difficult to guess and consider using a reputable password manager to keep track of them securely.
- Monitor your accounts. While no financial data was accessed in this hack, cybercriminals often collect data from multiple breaches to build a full profile on individuals. The more information they have, the easier it is for them to access your accounts. Keep a close eye on your bank statements, credit reports, and any other accounts just to be sure.
- Review your privacy settings. Review and update your privacy settings on your 23andMe account and any other online platforms you use. You should also enable two-factor authentication if available. Consider limiting the amount of personal information you share publicly and opt for more restrictive privacy settings whenever possible.
- Be wary of anyone asking you for personal information. Be cautious of phishing attempts and only trust information from reliable sources. This includes any unsolicited emails, calls, or messages claiming to be from 23andMe or related to the data breach. Scammers often try to exploit data breaches to trick individuals into providing additional personal information or downloading malicious software.
- Report suspicious activity. If you notice any suspicious activity or believe you may have been a victim of identity theft or fraud, report it to the appropriate authorities (Action Fraud).
- Regularly update your software. Keep your devices and software up to date with the latest security patches and updates. This helps protect your systems against known vulnerabilities that could be exploited by cybercriminals.
Consider your legal options
If your privacy rights have been violated as a result of the data breach, there are legal options for recourse.
23andMe has written to all affected users. If you have received this notification, you could qualify to join a no-win, no-fee group action claim. Our simple eligibility checker provides instant clarity.
While data breaches can be unsettling, taking proactive steps to protect your privacy can help minimise the potential risks and give you peace of mind. By staying informed, practicing good security habits, and being vigilant about protecting your personal information, you can reduce the likelihood of falling victim to identity theft or fraud following the 23andMe data breach.