Genetic testing company 23andMe has revealed that hackers gained access to approximately 14,000 customer accounts during a recent data breach. The company made this disclosure in a filing with the U.S. Securities and Exchange Commission. According to 23andMe, this represents 0.1% of its customer base, which exceeds 14 million customers globally.

In addition to the compromised accounts, the hackers were able to access a “significant number” of files containing profile information related to the ancestry of other users. The affected data primarily pertained to individuals who had chosen to share their information through 23andMe’s DNA Relatives feature.

The company did not provide specific details regarding the extent of the files accessed or the number of additional users impacted by the breach. 23andMe acknowledged that the security incident occurred through a method known as “credential stuffing,” where cybercriminals exploit known passwords, potentially leaked from other breaches.

The repercussions extended beyond the directly affected customers, as 23andMe’s DNA Relatives feature allows users to share information with others who opt into the service. Consequently, the hackers, by compromising one user’s account, gained access to personal data linked to that user’s connections.

The stolen data from the initial 14,000 accounts mainly included ancestry information, with a subset containing health-related information based on the users’ genetic data. 23andMe is expected to face increased scrutiny and questions about the extent of the breach and the measures in place to safeguard customer data.