23AndMe hit by network compromise
Incident
Summary
Hide ▲
Show ▼
23andMe disclosed a credential-stuffing breach that exposed data on 6.9 million customers, including genetic ancestry information. The unauthorized access ran from April 2023 to September 2023 before being disclosed in October 2023. The compromise turned account reuse into a large-scale privacy and identity risk, with stolen data later appearing for sale on the dark web.
Related Happenings
23AndMe multistate genetic-data settlement and ICO fine
Regulatory/Legal Action
H score55
First: 16.07.2026 16:47
Last: 16.07.2026 16:47
Sources 1
How related:
23andMe (now Chrome Holding Co.) has agreed to pay $18 million to settle claims from a coalition of 43 attorneys general that it failed to protect customers' genetic data.
About this happening:
23andMe agreed to pay $18 million to settle multistate claims over its failure to protect customers' genetic data, extending the legal fallout from the 2023 breach. Re...
23AndMe multistate genetic-data settlement and ICO fine
Regulatory/Legal ActionHow related: 23andMe (now Chrome Holding Co.) has agreed to pay $18 million to settle claims from a coalition of 43 attorneys general that it failed to protect customers' genetic data.
About this happening: 23andMe agreed to pay $18 million to settle multistate claims over its failure to protect customers' genetic data, extending the legal fallout from the 2023 breach. Re...
Erie Family Health Centers data leak exposing credentials and medical data
Data Leak
H score65
First: 18.05.2026 15:58
Last: 18.05.2026 15:58
Sources 1
About this happening:
Erie Family Health Centers disclosed a data leak that exposed 570,000 people and included credentials, financial information, and medical information. Inve...
Erie Family Health Centers data leak exposing credentials and medical data
Data LeakAbout this happening: Erie Family Health Centers disclosed a data leak that exposed 570,000 people and included credentials, financial information, and medical information. Inve...
BlackFile vishing extortion campaign targeting retail and hospitality organizations
Campaign
H score37
First: 24.04.2026 21:26
Last: 24.04.2026 21:26
Sources 1
About this happening:
The BlackFile campaign is driving vishing-based data theft and extortion against retail and hospitality organizations, putting employee credentials and enterprise data...
BlackFile vishing extortion campaign targeting retail and hospitality organizations
CampaignAbout this happening: The BlackFile campaign is driving vishing-based data theft and extortion against retail and hospitality organizations, putting employee credentials and enterprise data...
UK Information Commissioner's Office Imposed a £1.2m ($1.6m) fine on LastPass on Creates regulatory and financial consequences for inadequate security controls
Regulatory/Legal Action
H score45
First: 12.12.2025 11:10
Last: 12.12.2025 11:10
Sources 1
About this happening:
UK ICO fined LastPass £1.2m ($1.6m) for security failings linked to a 2022 data breach, putting a regulatory cost on controls that left personal data exposed. The...
UK Information Commissioner's Office Imposed a £1.2m ($1.6m) fine on LastPass on Creates regulatory and financial consequences for inadequate security controls
Regulatory/Legal ActionAbout this happening: UK ICO fined LastPass £1.2m ($1.6m) for security failings linked to a 2022 data breach, putting a regulatory cost on controls that left personal data exposed. The...
Timeline
-
16.07.2026 16:47 2 articles · 1h ago
23AndMe hit by network compromise
Initial DisclosureCredential-stuffing attacks against 23andMe stayed undetected for five months, enabling unauthorized access to customer accounts. The compromise ultimately exposed data on 6.9 million customers, including genetic ancestry information.
Show sources
- 23andMe to pay $18 million in new genetics data breach settlement — www.bleepingcomputer.com — 16.07.2026 16:47
- 23andMe to pay $18 million in new genetics data breach settlement — www.bleepingcomputer.com — 16.07.2026 16:47