Millions of people have sent swabs of their DNA to consumer testing services to find out about their genetic heritage, but just how secure is that information?
In autumn 2023, a hacker called Golem posted on a well-known message board for cybercriminals, announcing a trove of data stolen from 23andMe, one of the biggest names in at-home DNA testing. The company later acknowledged that the hacker had gained access to personal information in 6.9 million of its users' profiles.
It seemed to be an ethnically targeted attack: Golem boasted about having access to the accounts of people of Ashkenazi Jewish heritage who had sent their DNA to 23andMe, and offered to sell it to whoever was prepared to pay. News began to circulate suggesting the data breach on Friday 6 October 2023 may have even had antisemitic motivations.
A post purportedly from Golem offered for sale "tailored ethnic groupings, individualized data sets, pinpointed origin estimations, haplogroup details, phenotype information, photographs, links to hundreds of potential relatives, and, most crucially, raw data profiles".
I think I remember some big YouTuber talking about the possible effect a data breach would have, when 23andMe was getting started.
Lo and behold, it finally happened.
Isn't it sad that certain negative outcomes can be easily predicted by anyone bothering to think things through, yet no effort ever seems to go to mitigation, only spin and crocodile tears after the fact.