The genetic data testing company 23andMe was the target of a hack aimed at users with Ashkenazi Jewish ancestry. (Wikimedia)

(JTA) — The genetic testing company 23andMe is facing a class action lawsuit over its security practices after hackers stole and published data about 1 million people with Jewish ancestry. 

The data breach was revealed on Friday after hackers published a database titled “ashkenazi DNA Data of Celebrities” on dark web forums. Most of the people on the list are not famous, and the database includes information such as display names, sex, birth year, and some details about users’ genetic ancestry results. 

The hacker from the initial leak offered to sell data profiles in bulk for $1 to $10 per account. But as many as 7 million accounts may be in the sale — half the users of 23andMe. It is unclear whether whoever compiled the Ashkenazi list — which actually has 999,999 entries — is the same as the group that put it up for sale, NBC News reported.

Forwarding the News

Thoughtful, balanced reporting from the Forward and around the web, bringing you updated news and analysis of the crisis each day.

Terms(Required)

I agree to the Forward's Terms of Service and Privacy Policy

Email(Required)

23andMe is treating the leak as authentic and investigating the incident. It is also requiring its users to change their passwords.

“We are taking this issue seriously and will continue our investigation to confirm these preliminary results,” the company said in a statement. 

It is also unclear why the data was stolen, and whether it is solely focused on Ashkenazi Jews. (The hacker also downloaded a separate file with data on more than 300,000 users with Chinese ancestry.)

“When data is shared relating to ethnic, national, political or other groups, sometimes it’s because those groups have been specifically targeted, but sometimes it’s because the person sharing the data thinks it’ll make reputation-boosting headlines,” Brett Callow, a threat analyst at security firm Emsisoft, told Wired.

23andMe confirmed last week that its data had been compromised but said that its systems were not breached. Instead, the company believes the hackers were able to get access to recycled passwords that had already been hacked and leaked on other websites and then used that information to scrape data through 23andMe, which gives its users access to each others’ genetic information to find relatives through a popular feature called “DNA Relatives.” 

“This incident really highlights the risks associated with DNA databases,” Callow said. “The fact that accounts had reportedly opted into the ‘DNA Relatives’ feature is particularly concerning as it could potentially result in extremely sensitive information becoming public.”

This article originally appeared on JTA.org.

A message from our CEO & publisher Rachel Fishman Feddersen

I hope you appreciated this article. Before you move on, I wanted to ask you to support the Forward’s award-winning journalism during our High Holiday Monthly Donor Drive.

This year, we have stood together in strength and sorrow. Our Forward team has worked around the clock to help you find clarity amid the chaos.

If you’ve turned to the Forward in the past 12 months to better understand the world around you, we hope you will support us with a gift now. Your support has a direct impact, giving us the resources we need to report from Israel and around the U.S., across college campuses, and wherever there is news of importance to American Jews.

Make a monthly or one-time gift and support Jewish journalism throughout 5785. The first six months of your monthly gift will be matched for twice the investment in independent Jewish journalism. 

—  Rachel Fishman Feddersen, Publisher and CEO

Join our mission to tell the Jewish story fully and fairly.

$36 $500

$120 $180 Other amount