Summary

Genetic testing giant 23andMe has informed several of its users about a security breach concerning its "DNA Relatives" feature. This feature, which enables users globally to compare and share ancestry data, was infiltrated, potentially exposing sensitive information such as relationship labels, ancestry reports, matching DNA segments, and more.

Main information:

  • The breach was discovered after a hacker boasted on an online platform about stealing millions of pieces of data from 23andMe.
  • 23andMe has been actively collaborating with federal law enforcement and forensic experts to investigate the matter.
  • The company has told its users that unauthorized access was gained to certain accounts linked via the "DNA Relatives" feature.
  • Since the breach was revealed, there has been a surge in concern among users about the potential misuse of their ethnicity and other sensitive data.
  • 23andMe has temporarily disabled certain features in the "DNA Relatives" section to prioritize user privacy during this investigation.

Seamus Larroque

CDPO / CPIM / ISO 27005 Certified
