The personal information of an estimated 6.9 million users of genetic testing company 23andMe was stolen by hackers in a recent data breach, a company spokesperson confirmed to The Hill on Monday.
A spokesperson for 23andMe told The Hill that an estimated 5.5 million users accessed their data through the company’s DNA Relatives feature.
Hackers also hacked another 1.4 million people’s family tree profile data, which contained a variety of identifying information about the user, the spokesman said.
TechCrunch first reported the estimated 6.9 million users affected by the breach.
23andMe first disclosed the data breach in early October and said both outside forensic experts and federal law enforcement officials were assisting in the investigation.
Last Friday, the company announced it had completed its investigation and filed the results with the U.S. Securities and Exchange Commission.
In the findings, the company said hackers were able to access 0.1 percent of the company’s user data, which the company described as a “very small percentage.” The spokesperson confirmed on Monday that this equates to around 14,000 users.
According to the spokesperson, hackers were able to access accounts if the usernames and passwords used on the 23andMe website matched those used on other previously compromised websites.
The spokesperson added that the hackers used this information to access DNA relatives’ profile files and family tree profile information.
“We have no indication that there was a breach or data security incident in our systems or that 23andMe was the source of the account credentials used in these attacks,” the spokesperson noted.
The company said last Friday it had “taken measures” to protect user data, including requiring existing consumers to reset their passwords and enforcing a two-step verification method for both new and existing users.
After 23andMe first disclosed the data breach in October, Connecticut Attorney General William Tong requested additional information about the incident, which he said targeted data from people of Ashkenazi Jewish and Chinese descent.
Tong claimed the hack resulted in the sale of at least a million data profiles with Ashkenazi Jewish ancestry on the illegal market and another leak exposed data on hundreds of thousands of people with Chinese ancestry.
At the time, a 23andMe spokesperson told The Hill that its investigation found that “threat actors were able to access certain accounts in cases where users recycled credentials.”
The Hill reached out to the Connecticut Attorney General’s Office and 23andMe for an update on Tong’s investigation.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.