As Reuters reports, 23andMe recently emailed several customers to notify them of “unauthorized access” into one or more accounts linked to theirs through the “DNA Relatives” feature, through which users worldwide can connect and share personal data.

The company previously said it was cooperating with experts and law enforcement to investigate the breach.

A 23andMe spokesperson declined to comment to Reuters about the emails, citing the existing inquiry, and pointed to an October 20 blog post in which the company said it was pausing aspects of “DNA Relatives” for privacy reasons.

Meanwhile, the hacker behind the initial cache of 23andMe data leaked a dataset containing four million more user records, as TechCrunch reports. In an online forum, the hacker claimed the leak included data from “the wealthiest people living in the U.S. and Western Europe on this list.” A 23andMe spokesperson said that the company was “reviewing the data to determine if it is legitimate.”

In an earlier announcement, 23andMe said hackers used credential stuffing, the popular tactic of entering login details that are already public from other breaches, and urged customers to change their passwords.

Senator Bill Cassidy (R-La.) has called on 23andMe to provide more information about the breach, as PYMNTS reports. The top GOP member on the Senate’s health committee indicated worries about genetic information possibly being used by malicious actors.

According to The Conversation, the 23andMe leak “challenges how we think about privacy, data security and corporate accountability in the information economy.” The site notes that most personal data in the information economy is inextricably connected to other people’s data, which means vulnerabilities are globally networked, too.