Find notable cyber news and cases, enriched with sources, timelines, and signals.

23AndMe hit by network compromise

Incident
First reported
Last updated
Happening score
H score 73
1 unique sources, 1 articles

Summary

Hide ▲

23andMe disclosed a credential-stuffing breach that exposed data on 6.9 million customers, including genetic ancestry information. The unauthorized access ran from April 2023 to September 2023 before being disclosed in October 2023. The compromise turned account reuse into a large-scale privacy and identity risk, with stolen data later appearing for sale on the dark web.

Related Happenings

23AndMe multistate genetic-data settlement and ICO fine

Regulatory/Legal Action
H score55 First: 16.07.2026 16:47 Last: 16.07.2026 16:47 Sources 1

How related: 23andMe (now Chrome Holding Co.) has agreed to pay $18 million to settle claims from a coalition of 43 attorneys general that it failed to protect customers' genetic data.

About this happening: 23andMe agreed to pay $18 million to settle multistate claims over its failure to protect customers' genetic data, extending the legal fallout from the 2023 breach. Re...

Erie Family Health Centers data leak exposing credentials and medical data

Data Leak
H score65 First: 18.05.2026 15:58 Last: 18.05.2026 15:58 Sources 1

About this happening: Erie Family Health Centers disclosed a data leak that exposed 570,000 people and included credentials, financial information, and medical information. Inve...

BlackFile vishing extortion campaign targeting retail and hospitality organizations

Campaign
H score37 First: 24.04.2026 21:26 Last: 24.04.2026 21:26 Sources 1

About this happening: The BlackFile campaign is driving vishing-based data theft and extortion against retail and hospitality organizations, putting employee credentials and enterprise data...

UK Information Commissioner's Office Imposed a £1.2m ($1.6m) fine on LastPass on Creates regulatory and financial consequences for inadequate security controls

Regulatory/Legal Action
H score45 First: 12.12.2025 11:10 Last: 12.12.2025 11:10 Sources 1

About this happening: UK ICO fined LastPass £1.2m ($1.6m) for security failings linked to a 2022 data breach, putting a regulatory cost on controls that left personal data exposed. The...

Timeline

  1. 16.07.2026 16:47 2 articles · 1h ago

    23AndMe hit by network compromise

    Initial Disclosure

    Credential-stuffing attacks against 23andMe stayed undetected for five months, enabling unauthorized access to customer accounts. The compromise ultimately exposed data on 6.9 million customers, including genetic ancestry information.

    Show sources