DNA testing company 23andMe has released further details surrounding an October data breach, where user profile information had been accessed and downloaded at the hands of a threat actor.

On Oct. 1, a threat actor made a post on the Dark Web claiming to possess profile information of 23andMe users; later, the perpetrators released 4 million more records they alleged to be stolen from the company. This led the company to launch an investigation alongside third-party experts. In light of the investigation, 23andMe now reports that the information that was accessed without authorization is a small percentage of user accounts (0.1%).