23andMe is the latest in a year of huge cyberattacks

People are used to getting surprises when they sign up for 23andMe, but “some hackers got their hands on your DNA” usually isn’t among them.

What happened: 23andMe disclosed that an October data breach allowed hackers to steal data from 6.9 million users.

  • The company had initially said 14,000 accounts were directly accessed, but the interconnected nature of 23andMe’s service means only 0.1% of the company’s accounts were needed to access data from over half of its customers.
  • Data accessed included name, birth year, location, the percentage of DNA shared with relatives, ancestry reports and relationship labels (which flag people with enough shared DNA to be relatives).

Why it matters: Cyberattacks have been on the rise — BlackBerry said it detected 26 per minute last quarter — creating a major reputational and financial risk for companies.

  • The brand image hit can be especially rough for companies dealing in sensitive data, like health and finances. More sinisterly, the initial leak of 23andMe’s stolen data also seemed to target Jewish and Chinese users.
  • Between lawsuits, ransoms, operational disruptions and increased insurance premiums, the monetary impact is also huge. IBM says the average cost of a data breach this year is US$4.45 million.

Why it’s happening: AI has made hacking easier by running scripts that crack accounts more effectively and write more convincing phishing emails.

  • More connected devices — from home appliances to business infrastructure — also means more potential access points for hackers.
  • People also have more accounts for more online services. Sometimes they contain info that can be used to gain access to other accounts, but more commonly, they reveal the one password someone re-uses for everything.

Catch-up: We can’t give you an idea of the scale of the issue without filling up the entire newsletter, but here are a few of the major incidents from just the last four weeks.