- DNA testing company 23andMe experienced a data breach in October 2023, compromising the data of 6.9 million users.
- Data Security Posture Management (DSPM) is a cloud-based cybersecurity solution that could prevent such breaches.
In October 2023, 23andMe, a DNA testing company for ancestry discovery, disclosed that it experienced a significant data breach. Initially, the company claimed that the data of 14,000 users was compromised. However, on December 5th, it was revealed that the breach was much larger, with the compromise of 6.9 million users’ data. Bad actors stole sensitive data including ancestry information, family trees, names, user locations, years of birth, and relationship labels. These types of data are important to keep safe and secure to avoid potential data breaches.
One way that firms can protect their user’s data is by employing multiple layers of security and learning from high-profile breaches. Enterprise-grade solutions such as Cloud Data Security Posture Management (DSPM) can support growing infrastructure and prevent data breaches. DSPM is a cloud-based cybersecurity solution designed to discover, classify, and manage access to key data. It also identifies vulnerabilities and threats, potentially preventing data breaches and hacks.
With DSPM, companies can understand what data they have, classify it, flag potential vulnerabilities, and ensure compliance with industry standards. For instance, by classifying data and knowing who has access to it, security teams can appropriately protect it from hackers. Additionally, DSPM assists with access control management, such as enforcing best access practices like two-factor authentication and zero trust models.
Compliance is an essential factor in data security, and failing to adhere to such practices can lead to negative legal and financial consequences. DSPM can help firms comply with regulations and best practices, depending on the industry. For instance, 23andMe states that they adhere to the GDPR— data privacy for EU users. It remains unclear whether the company complied with other relevant regulations.
After a breach, companies can reduce reputational and financial damage by offering complimentary identity protection services for leaks of sensitive data. It could take considerable time to rebuild trust, particularly for businesses like 23andMe that emphasize privacy. Moreover, large enterprises dealing with sensitive data need robust security tools, such as DSPM, that can continually monitor the entire architecture.