CRW

Home Wiki

Ancestry.com

View on consumerrights.wiki ↗

Work in progress
This article has been flagged for additional work. Treat its claims as provisional.
Verification concerns
Editors have raised concerns about the verifiability of one or more claims.
Citations needed
Some claims in this article have not been independently sourced.
Contents7
  1. Consumer impact summary
  2. Privacy
  3. Anti-consumer practices
  4. Cancellation policy
  5. Incidents
  6. Data Breach (2015)
  7. References

⚠️ Article status notice: This article has been marked as incomplete

This article needs additional work for its sourcing and verifiability to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. In particular:

  1. This need work to fit the company article format
  2. The section regarding the data leak is empty

This notice will be removed once the issue/s highlighted above have been addressed and sufficient documentation has been added to establish the systemic nature of these issues. Once you believe the article is ready to have its notice removed, please visit the Moderator's noticeboard, or the discord and post to the #appeals channel.

Learn more ▼

This Article Requires Additional Verification

This article has been flagged due to verification concerns. While the topic might have merit, the claims presented lack citations that live up to our standards, or rely on sources that are questionable or unverifiable by our standards. Articles must meet the Moderator Guidelines and Mission statement; factual accuracy and systemic relevance are required for inclusion here!

Why This Article Is In Question

Articles in this wiki are required to:

  • Provide verifiable & credible evidence to substantiate claims.
  • Avoid relying on anecdotal, unsourced, or suspicious citations that lack legitimacy.
  • Make sure that all claims are backed by reliable documentation or reporting from reputable sources.

Examples of issues that trigger this notice:

  • A topic that heavily relies on forum posts, personal blogs, or other unverifiable sources.
  • Unsupported claims with no evidence or citations to back them up.
  • Citations to disreputable sources, like non-expert blogs or sites known for spreading misinformation.
How You Can Improve This Article

To address verification concerns:

  • Replace or supplement weak citations with credible, verifiable sources.
  • Make sure that claims are backed by reputable reporting or independent documentation.
  • Provide additional evidence to demonstrate systemic relevance and factual accuracy. For example:
    • Avoid: Claims based entirely on personal anecdotes or hearsay without supporting documentation.
    • Include: Corporate policies, internal communications, receipts, repair logs, verifiable video evidence, or credible investigative reports.

If you believe this notice has been placed in error, or once the article has been updated to address these concerns, please visit the Moderator's noticeboard, or the #appeals channel on our Discord server: Join here.


Ancestry.com
Basic Information
Release Year 1996
Product Type Genealogy
In Production Yes
Official Website https://ancestry.com/

Ancestry.com, owned by The Blackstone Group, is a genealogy company based in the US, known for its DNA testing and family trees.[1]

Consumer impact summary

Strict cancellation and renewal policy

Their business model centers around subscription plans which have the following restrictions.

  • Predefined cancellation fees (e.g., up to $25, $50, or the remaining balance).[2]
  • Consumers need to cancel at least two days before the renewal date or trial expiration.[2]
  • Limited to narrow, front-loaded refund windows.[how?]
  • Only long-term commitments, such as 6-month and 12-month plans.[citation needed (27 Jan 2026)]

Privacy

Their Privacy Policies regarding consumer data are subject to change. This can leave many consumers unaware of potential updates to the terms that govern how their data is handled, an especially concerning issue given that genetic data is unique, sensitive, and carries significant implications for consumers’ relatives.[citation needed (27 Jan 2026)]

Data breach

Ancestry.com was involved in a data breach where about 300,000 email addresses, usernames, and plaintext passwords were exposed. The breach happened in 2015, but it wasn’t until late 2017 when it was finally discovered and confirmed.[3]

Anti-consumer practices

Cancellation policy

Ancestry.com may charge a cancellation fee for "Subscriptions Longer than a Month, Billed Monthly" if users do not cancel within the first 14 days.[2][4]

Where offered, some subscriptions longer than a month may be eligible for monthly billing. Even though you will be billed monthly, you are committing to the entire length of your subscription (e.g. 6 months or 12 months).

(1) cancel immediately for a full refund of the first month’s fee and immediate loss of access, or (2) cancel effective at the end of the first month, subject to a cancellation fee. If you change from this type of subscription to a different type of subscription before the end of your subscription term, you will receive a prorated refund for the remainder of the current paid month, and you may be charged a cancellation fee. For subscriptions purchased on www.ancestry.com, cancellation fees are the lesser of (i) $25 USD for 6-month subscriptions or $50 USD for 12-month subscriptions (plus any applicable taxes) or (ii) the remaining cost of your subscription

Ancestry's older price pages showed an offer which followed these cancellation terms, along with a citation showing the commitment, but this offer has since been removed from the page.[5]

Incidents

Data Breach (2015)

RootsWeb, an Ancestry service, suffered a significant data breach. A file containing the access data of approximately 297.8 thousand users was publicly accessible on its server from November 2015 to December 2017.[6][7][3] The company published a security update on its official website, which is now unavailable, stating that it temporarily shut down RootsWeb and locked all compromised Ancestry accounts, requiring users to change their passwords.[8] Below is part of the full statement:

We want to share an important security update with you.

Last Wednesday, December 20, Ancestry’s Information Security Team received a message from a security researcher indicating that he had found a file containing email addresses/username and password combinations as well as user names from a RootsWeb.com server. Our Information Security Team reviewed the details of this file, and confirmed that it contains information related to users of Rootsweb’s surname list information, a service we retired earlier this year. For those of you who are unfamiliar, RootsWeb is a free community-driven collection of tools that are used by some people to host and share genealogical information. Ancestry has been hosting dedicated RootsWeb servers as a favor to the community since 2000. Importantly, RootsWeb does not host sensitive information like credit card numbers or social security numbers, and is not supported by the same infrastructure as Ancestry’s other brands. We are in the process of informing all impacted customers and will also be working with regulators and law enforcement as appropriate.

We also reviewed the RootsWeb file to see if any of the account information overlapped with existing accounts on Ancestry sites. We did confirm that a very small number of accounts – less than one percent of our total customer group – used the same account credentials on both Rootsweb and an Ancestry commercial site. We are currently contacting these customers.

In all cases, any user whose account had its associated email/username and password included on the file has had their accounts locked and will need to create a new password the next time they visit.

What We’ve Done

As a result of this discovery, we have taken two immediate corrective actions.

First, for the approximately 55,000 customers who used the same credentials at RootsWeb’s surname list and Ancestry – whether currently active or not – we have locked their Ancestry accounts and will require that they create a new password the next time they visit. We have also sent them emails to alert them to the situation. Though we have seen no activity that indicates these accounts have been compromised, we believe taking this additional measure is the right step to ensure the security of these customers. If you have not received an email or a notice requiring you to change your password, you have not been affected. Again, this issue involves less than one percent of our users, so there is a very good chance your account wasn’t involved.

Second, we have temporarily taken RootsWeb offline, and are working to ensure that all data is saved and preserved to the best of our ability. As RootsWeb is a free and open community that has been largely built by its users, we may not be able to salvage everything as we work to resolve this issue and enhance the RootsWeb infrastructure.

What You Should Do

If you are a customer whose account was impacted, you will receive an email telling you that you need to change your password. In that case, you will be required to create a new password the next time you visit Ancestry.

For the vast majority of customers who are not impacted by this, there is nothing you need to do as a result of this incident. However, we always recommend that you take the time to evaluate your own security settings. Please, never use the same username and password for multiple services or sites. And it’s generally good practice to use longer passwords and to change them regularly.

References

  1. "Our Story". Ancestry Corporate. 27 Jan 2026. Archived from the original on 7 Jan 2026. Retrieved 27 Jan 2026.
  2. 2.0 2.1 2.2 "Ancestry Renewal and Cancellation Terms". Ancestry. 2 Dec 2025. Archived from the original on 11 Oct 2025. Retrieved 2025-02-05.
  3. 3.0 3.1 Spring, Tom (27 Dec 2017). "Leaky RootsWeb Server Exposes Some Ancestry.com User Data". threatpost. Archived from the original on 18 Aug 2025. Retrieved 9 Aug 2025.
  4. "Cancelation fee ?". Reddit. 26 Jun 2023. Archived from the original on 26 Jun 2023. Retrieved 9 Aug 2025 – via Reddit.
  5. "Become a member". Ancestry. 2 Dec 2025. Archived from the original on 2024-08-24. Retrieved 2 Dec 2025.
  6. "Ancestry". haveibeenpwned.com. Archived from the original on 18 Dec 2025. Retrieved 9 Aug 2025.
  7. "What happened in the Ancestry data breach?". Twingate. 22 Feb 2024. Archived from the original on 22 Feb 2026. Retrieved 9 Aug 2025.
  8. Blackham, Tony (23 Dec 2017). "RootsWeb Security Update". Ancestry. Archived from the original on 27 Dec 2017. Retrieved 9 Aug 2025.
Filed under