DNA testing has seen a significant rise in popularity since the first time it was used in 1986 by police forensics. In 2024, you can buy a range of DNA testing kits to uncover information about your family history, ancestry, personal identity, health information and more. 23andMe is among the websites that claim user privacy and “easy-to-digest” results relating to the research of your DNA.
It is easy to question how well this research can be trusted. In October 2023, 23andMe had a data breach of almost 6.9 million profiles from April 2023 to September 2023.
Hackers, one in particular under the pseudonym of Golem, had bought previously compromised company data off the dark web that contained information related to the accounts, such as the passwords of users. Those passwords were then linked to accounts that had reused those passwords and were not using double authentication.
Of the 6.9 million profiles that were exposed, it is estimated that one million of the profiles were of Jewish descent, and 100,000 were of Chinese descent, both with ancestry down to 0.1%.
A user whose data was compromised, J.L., said he was concerned about the breach due to rising anti-semitism and violence in the United States.
It is as vital as ever in this digital age to take precautions relating to your privacy by enabling MFA on your accounts, regularly changing your account passwords and above all, making informed decisions regarding the companies you disclose your personal information to.
One of the major problems with the security of these 23andMe profiles is that each account is not run through a secure terminal. As of now, it would be easy for hackers to have physical or virtual external access to someone’s account if they are not taking the proper privacy precautions.
After the breach, 23andMe published a letter “addressing data security concerns.” Part of their safety and security statement read:
“At 23andMe, we take security seriously. Since 2019 we’ve offered and encouraged users to use multi-factor authentication (MFA), which provides an extra layer of security and can prevent bad actors from accessing an account through recycled passwords.”
It is not necessarily the company’s fault that profiles were hijacked, especially since it does recommend MFA and for users to create a strong password that is changed regularly. Customers should also take precautions and know the risks of putting their personal data on any site.
Obviously, privacy concerns relating to you and your family’s name, address, birthdays, etc., should be kept private, but what about your DNA and family reports that are associated with your personal health reports?
23andMe claims that no databases, third parties, insurance companies or employers can be informed of your personal health data without your consent. They could make exceptions when relating to the law, such as murder cases and other crimes.
Your data could help in some ways, too. You can get data on diseases or cancers that run in your family or connect with lost relatives you didn’t know you had. On the flip side, health information could harm you or your family.
For example, if you have a possibility of a disease or cancer and your health insurance had access to that data, your insurance amount for aid could change. You could even reveal sensitive things, like someone in your family not being a biological member of your family.
DNA sites have obviously caused some harm by releasing private information the same way Google has. Both were run-ins with hackers. I think it is still safe to say that DNA sites can help you understand information about your DNA, ancestry, health, family history and more.
