23andMe's new owner says your DNA is safe this time The medical research nonprofit vying to buy 23andMe is informing existing customers that it plans to complete the deal on July 8. Founded by 23andMe's former CEO and co-founder Anne Wojcicki, TTAM Research Institute is behind the purchase of the beleaguered genetics biz, which was confirmed last week. It reportedly submitted …
Some years ago there was a paper in Nature which based on cluster analysis of DNA profiles plotted geographically. The criterion was grand parents (or possibly GGparents. I don't recall exactly) all being born within a given radius. Highland Britain and Ireland showed quite a number of regional variations. Lowland England was more or less a single cluster. That included Norfolk - indistinguishable from the rest. Fun facts included Ireland clearly showed up the four provinces and N & S Wales were distinct from each other.
I signed up for 23andMe and I was fully aware that they will mess this up. Data privacy is nothing people are actually willing to give you or better said it costs too much, Once you provide your data you should be ready to loose it to the internet. But then even if you keep it safe your friends and neighbors will spill it for you
"Customer privacy is at the core of TTAM's mission of helping individuals gain insight into, and benefit from, their genetic information. TTAM is committed to adhering to 23andMe's existing privacy policies of always honoring customers with choice and transparency."
Don't say you weren't warned.
"Founded by 23andMe's former CEO and co-founder Anne Wojcicki, TTAM Research Institute is behind the purchase of the beleaguered genetics biz, which was confirmed last week."
Isn't this what is referred to in Australia, as "phoenixing", where the same people simply operate the same business, the same way, under a different pretended shelf company name, to avoid their responsibilities and liabilities?
I suspect the data will be far less secure unless your concept of secure is 'less secure'.
I assume people deserve the right to sue (I mean, I sure would like the 'right' to sue). It is diabolical and unethical to suggest a EULA or TOS would 'travel' from one data holder to another in such a way.
Afraid that particular ball really should never be in any non-profit's (or for-profit)'s hands. Cancelled my WestLaw so no way to check up on the case law.
"23andMe's response to the breach did not go down well. Onlookers felt the company blamed its users following a statement it made claiming customers were negligent in failing to update their credentials that were compromised in prior, unconnected breaches."
Personally I think that comment was fair, people should use unique creds for web sites they will use to hold non trivial data.
Though (not a 23&Me user) the whole data sharing thing sounds a bit dubious (given 14K accounts allowed access to 7M, unless those 7M people made their data freely accessible to other 23&Me users, in which case - done at your own risk)
Any 23&Me users know how that data sharing aspect works? i.e. is your data private by default or is it freely shared to other 23&Me users?
If by credentials they mean an email address and password then 23&Me do carry some responsibility. Most people have a single email address. If they insisted on a non-email address - even better, assigned a unique one - then a harvested set of credentials from another site would have been useless.
Regarding how the data sharing works... I had a test done a few years ago and want to use it for genealogical research.
When you set up your account you get to choose to be part of the sharing. That tells you how much dna you share with other people and it the whole point if you are doing this for its genealogical aspects.
If you only signed up for the health reports then you don't share with anybody.
Then, if you share, you get to set all the values that matches can see, such as a real name or an alias, rough age, how precisely you define where you live. This is always less than what the company have about you.
Obviously I went through and chose what I was comfortable with getting stolen.
You do not share email address - if you want to contact somebody then it has to initially be through their internal messaging service.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
