Personalis Data Breach Potentially Exposes PII and PHI

On Feb. 4, 2026, a data breach involving Personalis, Inc., a biotechnology company based in Fremont, Calif., was disclosed to the U.S. Department of Health and Human Services. The incident affected 650 individuals in the United States.

The HHS has listed the type of breach as hacking/ IT, though specific details about the method of intrusion or the party responsible have not been publicly released at this time.

The exposed data may have included personally identifiable information (PII) and protected health information (PHI) such as names, addresses, dates of birth, contact details, and potentially medical or genetic data related to Personalis' cancer genomics and sequencing services. No data types have been confirmed at this time.

Personalis's response

Affected individuals should remain vigilant by monitoring their accounts for unusual activity, reviewing statements from healthcare providers, and considering placing fraud alerts or credit freezes if sensitive financial information was involved.

Given the nature of the information handled by Personalis, it is important for those affected to be cautious of potential phishing attempts or identity theft.

Those impacted are encouraged to review any official notices that may be sent by the company in the future and to take advantage of any credit monitoring or identity protection services that may be offered as part of the breach response.