On the surface, genetic testing services like 23andMe can sound like a worthwhile investment. From one saliva sample, you can access ancestry composition, family health history, and genotyping reports related to cancer risks and heart health. However, these incentives don’t always outweigh the potential consequences of participating in genetic testing. Relinquishing your DNA to major corporations can make you extremely vulnerable in the event of a data breach, which is exactly what happened to 6.9 million 23andMe customers last year.
In late 2023, it was reported that 23andMe had fallen victim to a data breach affecting about 14,000 accounts. However, that estimate only scratched the surface. An investigation uncovered that the hackers were able to access an additional 6.9 million accounts thanks to 23andMe’s DNA Relatives feature, an interactive tool that allows users to connect and share data with potential relatives on the site, per a 23andMe press release.
DNA Relatives is an optional feature that comes with your 23andMe account. When enabled, however, it lets users share names, birthdays (DOB), ancestry data, and other sensitive data, all of which were leaked in the breach, according to Forbes.
Those impacted by the data breach should have received an email from 23andMe with instructions for resetting their passwords and setting up two-step verification.
Since the investigation was completed, 23andMe has been involved in a data security lawsuit. In Sept. 2024, the company agreed to a $30 million settlement deal, with individual compensation ranging from $100 up to $10,000.
Claims can be submitted via the official 23andMe settlement website, once it’s up and running.
Affected customers will have three claim forms to choose from: Extraordinary Claims (for those who experienced identity theft), Health Information Claims (for those whose health information was exposed), and Statutory Health Claims (only for residents in California, Illinois, Oregon, and Alaska).
If you’re filing an Extraordinary Claim, you must also provide “supporting documentation like receipts or records of expenses related to identity protection or financial losses,” per Forbes. Those who qualify may receive up to $10,000 in compensation.
23andMe is also giving all affected customers three years of Privacy & Medical Shield + Genetic Monitoring for free as a security bonus.
If you’re interested in discontinuing your 23andMe services and wish to wipe your data from the site entirely, the company has a detailed process for doing so. However, this action is irreversible, so double-check that you’ve downloaded any ancestry data or health information you think is worth saving for personal records.
“Once you confirm your request, we will immediately and automatically begin the deletion process and you will lose access to your account. Once confirmed, this process cannot be canceled, undone, withdrawn, or reversed,” reads a company statement.
With data breaches and identity theft on the rise, experts like Jason Kelley are urging people to reconsider how much data they share and with whom.
"In general, sharing data like this with any third party is something people should take seriously," the Electronic Frontier Foundation activism director told CBS News. "For a long time, people have not known what information they were giving away and how it was used and people becoming more aware of how their information can be used or it can be dangerous if there is a data breach."