23andme Is Asked to Confirm if Data Security Is Part of Its DNA

  • Connecticut AG William Tong sent an inquiry letter to 23andMe, Inc. asking the genetic testing and ancestry company for more information regarding an October 6th press release in which it disclosed that customer profile information had been compiled and released by a threat actor who was able to access accounts in instances where users recycled login credentials.
  • In the letter, AG Tong states that to date, 23andMe had not yet submitted a notice to the OAG as is required following a security breach compromising the personal information of Connecticut residents. He also notes reports indicating that the threat actor appears to have targeted individuals with Ashkenazi Jewish and Chinese ancestry, which he asserts is especially troubling given the rise of anti-Semitic and anti-Asian rhetoric in recent years.
  • AG Tong states that the incident calls into question the company’s compliance with the Connecticut Data Privacy Act and asks 23andMe for information regarding its policies and procedures for obtaining consent from users and ensuring the confidentiality of sensitive personal information.
  • To hear our deep dive into how this story showcases the power and influence of AGs and how it could reverberate through the debt servicing industry, listen to our podcast here.