23andMe is investigating reports of a new data breach involving millions of user records. On Wednesday, TechCrunch reported that a hacker claims to have leaked 4 million genetic profiles belonging to people in Britain, along with “the richest people living in the United States and Western Europe.”
The hacker, who calls himself “Golem,” is the same one who stole 1 million lines of genetic data from 23andMe earlier this month, according to TechCrunch. Golem posted this latest round of data on hacking site BreachForums.
Katie Watson, vice president of communications at 23andMe, says The edge The company was “informed” that the same hacker claims to have leaked another trove of what he claims is customer information. “We are currently reviewing the data to determine if it is legitimate,” Watson says. “Our investigation is ongoing and if we learn that a customer’s data has been accessed without their authorization, we will notify them directly with more information.”
In a published blog post On October 6, 23andMe confirmed that the data included in the previous leak was legitimate and affected the platform’s DNA Relatives feature, which allows users to match with other potential genetic relatives on 23andMe. At the time, 23andMe said it found no signs of a security incident within its systems, adding that the hacker was able to access user accounts using “recycled” login credentials that were exposed in other attacks.
This latest leak also involves the DNA Relatives feature, potentially allowing the hacker to extract information belonging to relatives an account matches.