23andMe Data Breach - Hackers Targeted Jewish and Chinese Users Data
23andMe (NASDAQ:ME) faced a major data breach in December 2023, affecting approximately 7 million users. A class action lawsuit reveals that hackers specifically targeted Jewish and Chinese customers, compiling and selling their personal genetic information on the dark web. The breach included a leak of over 1 million Jewish customers and 350,000 Chinese customers. The company allegedly concealed these details when notifying affected users. The lawsuit claims 23andMe has not informed compromised customers about the specific targeting or the dark web disclosure. The hacked data included genetic heritage, names, addresses, phenotype and health information, photos, and identification data.
23andMe (NASDAQ:ME) ha subito una grave violazione dei dati nel dicembre 2023, che ha colpito circa 7 milioni di utenti. Una causa collettiva rivela che gli hacker hanno specificamente preso di mira clienti ebrei e cinesi, raccogliendo e vendendo le loro informazioni genetiche personali nel dark web. La violazione ha incluso la fuga di oltre 1 milione di clienti ebrei e 350.000 clienti cinesi. L'azienda avrebbe nascosto questi dettagli quando ha informato gli utenti colpiti. La causa afferma che 23andMe non ha informato i clienti compromessi riguardo al targeting specifico o alla divulgazione nel dark web. I dati violati includevano informazioni sulla genetica, nomi, indirizzi, fenotipo e informazioni sulla salute, foto e dati identificativi.
23andMe (NASDAQ:ME) enfrentó una grave violación de datos en diciembre de 2023, afectando aproximadamente a 7 millones de usuarios. Una demanda colectiva revela que los hackers se dirigieron específicamente a clientes judíos y chinos, recopilando y vendiendo su información genética personal en la dark web. La violación incluyó una filtración de más de 1 millón de clientes judíos y 350,000 clientes chinos. La compañía supuestamente ocultó estos detalles al notificar a los usuarios afectados. La demanda sostiene que 23andMe no ha informado a los clientes comprometidos sobre el targeting específico ni la divulgación en la dark web. Los datos hackeados incluían herencia genética, nombres, direcciones, fenotipo e información de salud, fotos y datos de identificación.
23andMe (NASDAQ:ME)는 2023년 12월에 대규모 데이터 유출을 겪었으며, 약 700만 사용자에게 영향을 미쳤습니다. 집단 소송에 따르면 해커들은 유대인 및 중국 고객을 특정적으로 겨냥하여 개인 유전 정보를 다크 웹에서 수집하고 판매했습니다. 유출된 데이터에는 100만 명 이상의 유대인 고객과 35만 명의 중국 고객의 정보가 포함되었습니다. 회사는 피해 사용자에게 알릴 때 이러한 세부 정보를 숨겼다고 전해졌습니다. 소송은 23andMe가 손상된 고객에게 특정 타겟팅이나 다크 웹 공개에 대한 정보를 알리지 않았다고 주장합니다. 해킹된 데이터에는 유전 정보, 이름, 주소, 표현형 및 건강 정보, 사진, 신원 데이터가 포함되어 있습니다.
23andMe (NASDAQ:ME) a subi une violation majeure de données en décembre 2023, touchant environ 7 millions d’utilisateurs. Un recours collectif révèle que des hackers ont spécifiquement ciblé des clients juifs et chinois, en compilant et en vendant leurs informations génétiques personnelles sur le dark web. La violation a inclus la fuite de plus d’un million de clients juifs et 350,000 clients chinois. L’entreprise aurait célébré ces détails lors de la notification des utilisateurs affectés. La plainte affirme que 23andMe n’a pas informé les clients compromis sur le ciblage spécifique ou la divulgation sur le dark web. Les données piratées comprenaient des informations génétiques, noms, adresses, phénotype et informations de santé, photos et données d'identification.
23andMe (NASDAQ:ME) hatte im Dezember 2023 einen großen Datenleck, das etwa 7 Millionen Nutzer betroffen hat. Eine Sammelklage zeigt, dass Hacker gezielt jüdische und chinesische Kunden ins Visier genommen haben, indem sie deren persönliche genetische Informationen im Dark Web sammelten und verkauften. Das Leck betraf die Daten von über 1 Million jüdischen Kunden und 350.000 chinesischen Kunden. Das Unternehmen soll diese Details verschwiegen haben, als es die betroffenen Nutzer informierte. Die Klage behauptet, dass 23andMe kompromittierte Kunden nicht über die gezielte Ansprache oder die Offenlegung im Dark Web informiert hat. Die gehackten Daten umfassten genetisches Erbe, Namen, Adressen, Phänotyp und Gesundheitsinformationen, Fotos und Identifikationsdaten.
- None.
- Major data breach affecting 7 million users
- Targeted leak of Jewish and Chinese customer data
- Personal genetic information sold on the dark web
- Alleged concealment of breach details from customers
- Potential safety threats to affected customers
- Possible legal and financial repercussions from class action lawsuit
Insights
This data breach at 23andMe is particularly concerning due to its targeted nature and the sensitive genetic information involved. The hackers' focus on Jewish and Chinese users adds a disturbing dimension of potential discrimination and exploitation. The scale of the breach, affecting 7 million users, is substantial and could have far-reaching consequences.
From a cybersecurity standpoint, 23andMe's initial response of blaming users for recycled credentials is inadequate. While password reuse is a common vulnerability, companies handling sensitive data must implement robust multi-factor authentication and encryption protocols. The delayed and incomplete disclosure of the breach's full extent and nature is a significant lapse in incident response best practices, potentially violating data protection regulations.
This incident underscores the critical need for stringent security measures in genetic testing services and highlights the potential risks of centralizing sensitive personal and genetic data. It may lead to increased scrutiny and regulation of the genetic testing industry.
This data breach poses significant legal challenges for 23andMe. The company may face substantial liability under various data protection laws, including the CCPA in California and GDPR for any affected EU citizens. The targeted nature of the breach against specific ethnic groups could potentially lead to discrimination lawsuits and civil rights investigations.
The alleged concealment of important details about the breach, particularly the targeting of Jewish and Chinese users, could be viewed as a violation of breach notification laws. This could result in regulatory fines and penalties. The class action lawsuit filed against 23andMe is likely to be the first of many legal challenges.
Investors should be prepared for protracted legal battles, potential regulatory investigations and significant financial implications. The company's handling of the breach and its aftermath will be important in determining the extent of legal and financial repercussions.
This data breach is likely to have a significant negative impact on 23andMe's market position and stock performance. The targeted nature of the attack and the company's alleged mishandling of the disclosure could severely damage consumer trust, a critical asset in the genetic testing industry.
Expect to see a sharp decline in new customer acquisitions and potential cancellations from existing users. This could lead to reduced revenue and increased customer acquisition costs in the short to medium term. The company may need to invest heavily in cybersecurity upgrades and public relations efforts to rebuild its reputation.
Long-term implications could include increased regulatory scrutiny of the entire genetic testing industry, potentially leading to higher compliance costs. Competitors may benefit in the short term, but the incident could dampen overall consumer enthusiasm for direct-to-consumer genetic testing services. Investors should closely monitor the company's response and any potential class action settlements or regulatory fines.
NEW YORK, NY / ACCESSWIRE / August 14, 2024 / 23andMe (NASDAQ:ME) was hacked in December 2023, affecting approximately 7 million users of its genetic services website. According to a recently filed class complaint, hackers who infiltrated 23andMe's system were after the personal information of Jewish and Chinese customers, but the company hid that detail when notifying affected customers.
The hackers specifically targeted the personal genetic information of Jewish and Chinese customers and compiled that data - including genetic heritage, names, and addresses - into lists that were then sold on the dark web, but 23andMe concealed both those revelations when it announced the extent of the breach in December 2023.
According to the lawsuit, the hacker leaked a list of over 1 million Jewish customers expressly in retribution for the Israel-Hamas war. The hacker was also more than happy to leak a list of 350,000 Chinese customers upon request from a user with the alias "Wuhan." These lists generated a huge amount of interest from hackers on the dark web from all over the world and were shared and reshared an untold number of times.
The disclosure of these lists threatens the safety of those customers, including from the Chinese government, which has a long history of tracking Chinese citizens.
According to the lawsuit, to this day, 23andMe has not informed the 7 million compromised customers that their personal genetic information was disclosed on the dark web, nor has it told its Jewish and Chinese customers that they were specifically targeted.
IF YOU ARE A VULNERABLE person whose personal genetic information identifies you as having Ashkenazi Jewish heritage or Chinese ancestry, and/or live in California, Illinois, Oregon, or Alaska, please contact us to review your rights and eligibility for compensation:
ADDITIONAL BACKGROUND:
According to a recently filed class action complaint, on Oct. 1, 2023, a hacker using the alias "Golem" leaked the 23andMe data of 1 million Ashkenazi Jews on Breach Forums, calling it "the most valuable data you'll ever see."
"Golem's explicit targeting of Jewish 23andMe users is further conveyed by his use of the character 'Gollum' from The Lord of the Rings - a creature driven by greed with ugly and outsized facial features - as his profile picture."
A few hours later, a user with the alias "Wuhan" asked Golem if he had "Chinese accounts," according to the complaint. The next day, Golem leaked the data of 7 million users, saying in the post that the customer information included phenotype and health information, photos, and identification data.
Golem listed prices for the customer profiles at
Interest in the leaked Jewish and Chinese information was immediate and overwhelming following an Israeli bombing of a Palestinian hospital.
23andMe attempted to shift the blame to customers, telling them the breach was a result of customers using recycled login credentials from their accounts on other websites. Further, 23andMe then waited until December to report that 7 million customers were directly affected by the breach and didn't say anything about the data being sold on the dark web or that Jewish and Chinese customers were specifically targeted.
Levi Korsinsky, LLP is investigating whether affected customers are entitled to compensation. If you have received a notice about the data breach, you may be entitled to compensation. There is no cost or obligation to participate. Follow the link below to find out more:
Levi & Korsinsky is a nationally recognized consumer advocacy law firm that has recovered hundreds of millions of dollars against large corporations. The firm's team of over 70 extraordinary attorneys and professionals have a winning track record going against the most powerful defense attorneys in the world and know how to maximize your compensation. The firm is a
Levi & Korsinsky, LLP
Joseph E. Levi, Esq.
33 Whitehall Street, 17th Floor
New York, NY 10004
jlevi@levikorsinsky.com
Tel: (212) 363-7500
Fax: (212) 363-7171
www.zlk.com
CONTACT:
Levi & Korsinsky, LLP
Joseph E. Levi, Esq.
Ed Korsinsky, Esq.
33 Whitehall Street, 17th Floor
New York, NY 10004
jlevi@levikorsinsky.com
Tel: (212) 363-7500
Fax: (212) 363-7171
https://zlk.com/
SOURCE: Levi & Korsinsky, LLP
View the original press release on accesswire.com
FAQ
How many 23andMe users were affected by the December 2023 data breach?
What specific groups were targeted in the 23andMe (ME) data breach?
How many Jewish customers' data was leaked in the 23andMe breach?
What type of personal information was compromised in the 23andMe (ME) hack?
When did 23andMe (ME) disclose the extent of the data breach to its customers?
