23andMe hack: What can genealogists do?

Ian Lamont

23andMe, the genetic testing company used by many genealogists, recently admitted that millions of user accounts had been hacked. Why does the 23andMe hack matter, and what should we do as 23andMe customers? Read on …

23andMe gets a “D” for how it handled the breach. Rather than admit fault after hackers launched an undetected campaign to scrape millions of customer records, the Silicon Valley company blamed its customers for reusing passwords. The only thing the company did right: promising to notify affected account holders.

Alarmingly, 23andMe is not the first online genealogy service to get hacked:

These are incidents that have been made public as required by law. There are surely thousands of other smaller incidents that are not reported, as well as major breaches that the companies themselves don’t even know about yet.

7 data security tips in the short term

The pattern is clear. In our opinion, not one of these companies can be trusted to keep private, personal, or confidential data out of the hands of hackers. A mixture of hubris, flawed technology, and weak regulation means similar incidents will continue for years to come.

On the other hand, these services are incredibly useful. FamilySearch and Ancestry make it easy to access vital records, census returns, and other genealogy data.

We believe there is a middle ground that lets genealogists protect private information while leveraging these services for family history. Here are our recommendations:

  1. Employ unique passwords for each site you use.
  2. Use a current email address, so you can more easily reset passwords and get notifications of breaches.
  3. If you are technically savvy, use two-factor authentication (2FA) services if they are offered (23andMe has this option).
  4. If possible, do not use debit cards for genealogy subscriptions as protections are limited if the card number is stolen.
  5. Reconsider sharing settings. What is your tolerance for sharing DNA, or personal information?
  6. Don’t enter the full names, real birthdates, or actual birthplaces of living relatives or yourself. This data can be used for targeted attacks.
  7. Don’t upload sensitive family data you don’t want shared, stolen, or misused.

On this last point, while I use some of these online sites for research, I have NEVER uploaded a complete family tree GEDCOM from my PC genealogy software. I don’t trust any online genealogy service, even FamilySearch, to be responsible shepherds of sensitive family data and important records.
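Tips 6 and 7 can also be applied to a GEDCOM export before it is shared or uploaded. The Python below is an added example, not part of the original article: it replaces each apparently living person with a "Living" placeholder and drops their dates and places. The test for "living" (no death, burial or cremation event, and born within 100 years or birth unknown), the tags that are kept, and the sample file are assumptions made for the illustration.

```python
import re
SAMPLE = """0 HEAD
0 @I1@ INDI
1 NAME Mary /Example/
1 BIRT
2 DATE 3 MAR 1890
1 DEAT
0 @I2@ INDI
1 NAME Jane /Example/
1 BIRT
2 DATE 14 JUL 1985
2 PLAC Springfield
1 FAMC @F1@
0 TRLR"""  # constructed sample; the people and places are invented

LINE = re.compile(r"^(\d+) (?:(@[^@]+@) )?(\S+)(?: (.*))?$")  # level [xref] tag [value]
DEATH_TAGS = {"DEAT", "BURI", "CREM"}
KEEP_TAGS = {"SEX", "FAMC", "FAMS"}  # assumed: links that keep the tree connected

def records(text):
    # Group lines into records; a level-0 line starts a new record.
    out = []
    for m in filter(None, map(LINE.match, map(str.strip, text.splitlines()))):
        if m[1] == "0" or not out:
            out.append([])
        out[-1].append((int(m[1]), m[3], m[0]))
    return out

def is_living(rec, this_year, max_age=100):
    # Assumed heuristic: no death event, and born within max_age years or unknown.
    if any(lv == 1 and tag in DEATH_TAGS for lv, tag, _ in rec):
        return False
    born, parent = None, None
    for lv, tag, line in rec:
        parent = tag if lv == 1 else parent
        year = re.search(r"\b(\d{4})\b", line)
        if lv == 2 and parent == "BIRT" and tag == "DATE" and year:
            born = int(year[1])
    return born is None or this_year - born <= max_age

def privatize(text, this_year):
    # Living people keep only their record id, a placeholder name and family links.
    out = []
    for rec in records(text):
        if rec[0][1] == "INDI" and is_living(rec, this_year):
            out += [rec[0][2], "1 NAME Living //"]
            out += [ln for lv, tag, ln in rec[1:] if lv == 1 and tag in KEEP_TAGS]
        else:
            out += [ln for _, _, ln in rec]
    return "\n".join(out) + "\n"
```

Notes, sources and family events elsewhere in the file can still mention living people, so review the output before sharing it.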

A long-term approach for genealogy data after the 23andMe hack

Long term, genealogists need to take control of their research. Most for-profit tech companies won’t exist in 25 years, which means uploaded family tree data will be lost, corrupted, or sold off to the highest bidder.

This means keeping hard copies of key family records, storing computer files on hardware you control with secure backups, and sharing paper genealogy charts (or genealogy PDF printouts) with as many relatives as possible.
