The hackers would be able to access anything available on those 14,000 profiles, including health and ancestry information, the company spokeswoman said.
The breach also opened the door to millions of other profiles of customers — about half of all 23andMe customers — who wanted to use 23andMe to connect with those who had close DNA matches, she said. Users could opt in to a feature called DNA Relatives, where they could provide select information to others on 23andMe who might be a close DNA match.
The hackers gained access to information from 5.5 million DNA Relatives profiles, which includes a display name, how recently they logged into their account, percentage of DNA shared with their DNA relatives’ matches and predicted relationship with that person, according to a 23andMe statement. It also may include self-reported information like geographic location, birth year, family tree and any photos they may have uploaded.
Also, hackers were able to access the Family Tree profile information of about 1.4 million other customers participating in the DNA Relatives feature, including display names and relationship labels. Information may also include birth year and geographic location if the user chose to share that data, the company said.
23andMe is in the process of notifying all affected customers, as required by law. There is no timeline for when everyone will be notified, the spokeswoman said.