Report says 6.9 million people affected in 23andMe data breach

23andMe kits at the 2017 Streamy Awards at The Beverly Hilton Hotel on September 26, 2017 in Beverly Hills, California.
23andMe kits at the 2017 Streamy Awards at The Beverly Hilton Hotel on September 26, 2017 in Beverly Hills, California. Photo credit Matt Winkelmeyer/Getty Images for dick clark productions

According to a recent report, the genetic testing company 23andMe suffered a data breach that resulted in the data of 6.9 million individuals being leaked.

The report from TechCrunch cites an email from 23andMe spokesperson Katie Watson, who confirmed that 5.5 million individuals who used the platform and opted-in to its DNA Relatives feature had their personal information accessed.

Information that was accessed from the group included ancestry reports, self-reported location, birth year, names, and more.

An additional 1.4 million people who opted into the DNA Relatives feature also had their “Family Tree profile information accessed.” The data made available includes their display names, relationship labels, birth year, self-reported location, and more, the spokesperson said.

The report comes as 23andMe shared Friday that only 14,000 individuals suffered data breaches from the hackers in the breach that occurred in early October.

While the company admitted last week that more information had been accessed, it did not specify how many people were at risk.

In early October, a hacker claimed to have stolen the DNA information from the company in a post on a well-known hacking forum, according to Wired.com.

To prove it, the hacker published alleged data from more than one million people, asking for as much as $10 for the information for one account, the report said.

When disclosing the incident in October, 23andMe wrote in a statement that the breach was a result of customers reusing passwords.

After entering certain accounts, the company said those who used the DNA Relatives feature made it possible for hackers to gain more information from others.

Now, the company says it has “completed its investigation” and is “in the process of notifying affected customers, as required by law.”

“We have taken steps to further protect customer data, including requiring all existing customers to reset their password and requiring two-step verification for all new and existing customers,” the company said. “The company will continue to invest in protecting our systems and data.”

Featured Image Photo Credit: Matt Winkelmeyer/Getty Images for dick clark productions