23andMe says some customer profiles were accessed in cybersecurity breach

By Ben Glickman

23andMe said that the profile information of some customers was accessed without their permission by a third party.

The South San Francisco, Calif.-based human genetics company said in a regulatory filing on Tuesday that there was no indication of a data security incident in its systems. 23andMe (ME) also said there wasn't anything to suggest that it was the source of the credentials used in the cyberattack.

The company said it believed a third party was able to access accounts because some of its customers' usernames and passwords were the same as those used on other websites that had been previously compromised. The company said the information that was accessed is created by users, who have to option to share it through the company's DNA Relatives feature.

23andMe said it is working to mitigate the impact of the incident and was investigating the scope of the attack. The company has hired forensic experts to help with the investigation.

The company said it was unable to predict the costs associated with the incident.

This content was created by MarketWatch, which is operated by Dow Jones & Co. MarketWatch is published independently from Dow Jones Newswires and The Wall Street Journal.

(END) Dow Jones Newswires

10-10-23 1930ET

Copyright (c) 2023 Dow Jones & Company, Inc.