STOCK TITAN

23andMe Data Breach - Hackers Targeted Jewish and Chinese Users Data

Rhea-AI Impact
(Low)
Rhea-AI Sentiment
(Negative)
Tags

23andMe (NASDAQ:ME) experienced a significant data breach in December 2023, affecting approximately 7 million users. A class action complaint reveals that hackers specifically targeted the personal genetic information of Jewish and Chinese customers. The breach resulted in the leak of over 1 million Jewish customers' data and 350,000 Chinese customers' information on the dark web. The lawsuit alleges that 23andMe concealed the targeted nature of the attack and has not informed affected customers about the extent of the data disclosure.

The hacker, using the alias "Golem," leaked the data on Breach Forums, pricing customer profiles from $1,000 for 100 profiles to $100,000 for 100,000 profiles. 23andMe initially attributed the breach to recycled login credentials and delayed reporting the full extent of the incident. Levi & Korsinsky, LLP is investigating potential compensation for affected customers, particularly those with Ashkenazi Jewish heritage or Chinese ancestry in specific states.

23andMe (NASDAQ:ME) ha subito una significativa violazione dei dati a dicembre 2023, che ha colpito circa 7 milioni di utenti. Una denuncia collettiva rivela che gli hacker hanno preso di mira specificamente le informazioni genetiche personali dei clienti ebrei e cinesi. La violazione ha portato al furto di oltre 1 milione di dati di clienti ebrei e di 350.000 informazioni di clienti cinesi sul dark web. La causa sostiene che 23andMe ha nascosto la natura mirata dell'attacco e non ha informato i clienti interessati sull'estensione della divulgazione dei dati.

L'hacker, utilizzando lo pseudonimo "Golem", ha pubblicato i dati su Breach Forums, vendendo i profili dei clienti da 1.000 dollari per 100 profili fino a 100.000 dollari per 100.000 profili. 23andMe inizialmente ha attribuito la violazione alle credenziali di accesso riciclate e ha ritardato nel segnalare l'intera gravità dell'incidente. Levi & Korsinsky, LLP sta indagando su possibili risarcimenti per i clienti colpiti, in particolare quelli con ereditarietà ebraica ashkenazita o ascendenza cinese in stati specifici.

23andMe (NASDAQ:ME) experimentó una violación significativa de datos en diciembre de 2023, afectando aproximadamente a 7 millones de usuarios. Una demanda colectiva revela que los hackers apuntaron específicamente a la información genética personal de clientes judíos y chinos. La violación resultó en la filtración de más de 1 millón de datos de clientes judíos y 350,000 información de clientes chinos en la dark web. La demanda alega que 23andMe ocultó la naturaleza dirigida del ataque y no ha informado a los clientes afectados sobre la extensión de la divulgación de datos.

El hacker, usando el alias "Golem", filtró los datos en Breach Forums, fijando el precio de perfiles de clientes desde $1,000 por 100 perfiles hasta $100,000 por 100,000 perfiles. 23andMe inicialmente atribuyó la violación a credenciales de acceso recicladas y retrasó la comunicación del alcance total del incidente. Levi & Korsinsky, LLP está investigando una posible compensación para los clientes afectados, especialmente aquellos con herencia judía ashkenazí o ascendencia china en estados específicos.

23andMe (NASDAQ:ME)는 2023년 12월에 약 700만 사용자에게 영향을 미치는 심각한 데이터 유출을 경험했습니다. 집단 소송에서는 해커들이 유대인 및 중국 고객의 개인 유전 정보에 특히 초점을 맞췄다고 밝혔습니다. 이 유출로 인해 100만 명 이상의 유대인 고객 데이터와 35만 명의 중국 고객 정보가 다크 웹에 유출되었습니다. 소송은 23andMe가 공격의 목표된 성격을 숨겼다고 주장하며, 영향을 받은 고객들에게 데이터 공개의 범위에 대해 알리지 않았다고 합니다.

해커는 alias "Golem"을 사용하여 Breach Forums에 데이터를 유출했으며, 고객 프로필의 가격을 100개 프로필에 대해 $1,000에서 100,000개 프로필에 대해 $100,000로 책정했습니다. 23andMe는 초기에는 유출의 원인을 재활용된 로그인 자격 증명으로 설명했으며, 사건의 전체 범위를 보고하는 데 지체했습니다. Levi & Korsinsky, LLP는 특히 특정 주에서 아슈케나지 유대인 혈통 또는 중국 혈통을 가진 영향을 받은 고객에 대한 잠재적 보상을 조사하고 있습니다.

23andMe (NASDAQ:ME) a connu une violation de données importante en décembre 2023, touchant environ 7 millions d'utilisateurs. Une plainte collective révèle que des hackers ont spécifiquement ciblé les informations génétiques personnelles des clients juifs et chinois. La violation a entraîné la fuite de plus d'un million de données de clients juifs et de 350 000 informations de clients chinois sur le dark web. La plainte allègue que 23andMe a dissimulé la nature ciblée de l'attaque et n'a pas informé les clients concernés sur l'ampleur de la divulgation des données.

Le hacker, utilisant le pseudonyme "Golem", a diffusé les données sur Breach Forums, fixant le prix des profils clients de 1 000 $ pour 100 profils à 100 000 $ pour 100 000 profils. 23andMe a d'abord attribué la violation à des identifiants de connexion recyclés et a retardé le signalement de l'ampleur totale de l'incident. Levi & Korsinsky, LLP enquête sur une éventuelle compensation pour les clients affectés, en particulier ceux d'origine juive ashkénaze ou chinoise dans des États spécifiques.

23andMe (NASDAQ:ME) erlebte im Dezember 2023 einen erheblichen Datenverstoß, der etwa 7 Millionen Benutzer betraf. Eine Klage zeigt, dass Hacker gezielt die persönlichen genetischen Informationen jüdischer und chinesischer Kunden ins Visier nahmen. Der Verstoß führte zur Veröffentlichung von über 1 Million Daten jüdischer Kunden und 350.000 Informationen chinesischer Kunden im Dark Web. Die Klage behauptet, dass 23andMe die gezielte Natur des Angriffs vertuscht hat und betroffene Kunden nicht über das Ausmaß der Datenveröffentlichung informiert hat.

Der Hacker, der unter dem Alias "Golem" agierte, veröffentlichte die Daten in Breach Forums und setzte die Preise für Kundenprofile von 1.000 Dollar für 100 Profile bis zu 100.000 Dollar für 100.000 Profile fest. 23andMe führte den Verstoß zunächst auf wiederverwendete Anmeldedaten zurück und verzögerte die vollständige Meldung des Vorfalls. Levi & Korsinsky, LLP untersucht mögliche Entschädigungen für betroffene Kunden, insbesondere für solche mit aschkenasischem jüdischem Erbe oder chinesischer Abstammung in bestimmten Bundesstaaten.

Positive
  • None.
Negative
  • Data breach affecting 7 million users
  • Targeted leak of Jewish and Chinese customers' genetic information
  • Failure to disclose full extent of the breach to affected customers
  • Potential legal liabilities and class action lawsuits
  • Reputational damage and loss of customer trust
  • Possible financial impact from compensation claims

Insights

This data breach at 23andMe is highly concerning from a cybersecurity perspective. The targeting of specific ethnic groups adds a new layer of complexity to the incident. The hackers' ability to extract and compile data based on genetic heritage demonstrates a sophisticated attack that goes beyond typical data breaches.

The delayed and incomplete disclosure by 23andMe is problematic. Best practices in cybersecurity incident response emphasize timely and transparent communication. The company's attempt to shift blame to users for password reuse, while a valid concern, doesn't absolve them of responsibility for protecting sensitive genetic data.

This incident highlights the unique risks associated with genetic data storage and the need for enhanced security measures in this sector. Companies handling such sensitive information must implement robust encryption, access controls and anomaly detection systems to prevent targeted data extraction.

This data breach presents significant legal implications for 23andMe. The company may face multiple class-action lawsuits for failing to adequately protect sensitive genetic information and for potentially violating data protection laws in various jurisdictions.

The alleged concealment of critical details about the breach, particularly the targeting of specific ethnic groups, could lead to accusations of negligence and breach of fiduciary duty. This may result in substantial financial penalties and reputational damage.

The incident also raises questions about compliance with GDPR and other international data protection regulations, given the global nature of genetic data. 23andMe may face scrutiny from regulatory bodies worldwide, potentially leading to fines and mandatory security audits.

This data breach is likely to have a significant negative impact on 23andMe's financial performance and stock value. The company may face substantial legal costs from multiple class-action lawsuits and potential regulatory fines.

The incident could lead to a loss of consumer trust, potentially resulting in decreased sales and customer churn. This is particularly concerning given the sensitive nature of genetic data and the company's reliance on consumer confidence.

Investors should anticipate increased operating expenses as 23andMe will likely need to invest heavily in cybersecurity enhancements and PR efforts to mitigate reputational damage. The company's growth prospects may be significantly impacted in the short to medium term, potentially affecting its market valuation and ability to raise capital in the future.

NEW YORK, NY / ACCESSWIRE / August 5, 2024 / 23andMe (NASDAQ:ME) was hacked in December 2023, affecting approximately 7 million users of its genetic services website. According to a recently filed class complaint, hackers who infiltrated 23andMe's system were after the personal information of Jewish and Chinese customers, but the company hid that detail when notifying affected customers.

The hackers specifically targeted the personal genetic information of Jewish and Chinese customers and compiled that data - including genetic heritage, names, and addresses - into lists that were then sold on the dark web, but 23andMe concealed both those revelations when it announced the extent of the breach in December 2023.

According to the lawsuit, the hacker leaked a list of over 1 million Jewish customers expressly in retribution for the Israel-Hamas war. The hacker was also more than happy to leak a list of 350,000 Chinese customers upon request from a user with the alias "Wuhan." These lists generated a huge amount of interest from hackers on the dark web from all over the world and were shared and reshared an untold number of times.

The disclosure of these lists threatens the safety of those customers, including from the Chinese government, which has a long history of tracking Chinese citizens.

According to the lawsuit, to this day, 23andMe has not informed the 7 million compromised customers that their personal genetic information was disclosed on the dark web, nor has it told its Jewish and Chinese customers that they were specifically targeted.

IF YOU ARE A VULNERABLE person whose personal genetic information identifies you as having Ashkenazi Jewish heritage or Chinese ancestry, and/or live in California, Illinois, Oregon, or Alaska, please contact us to review your rights and eligibility for compensation:

https://bit.ly/3sYm8Cn

ADDITIONAL BACKGROUND:

According to a recently filed class action complaint, on Oct. 1, 2023, a hacker using the alias "Golem" leaked the 23andMe data of 1 million Ashkenazi Jews on Breach Forums, calling it "the most valuable data you'll ever see."

"Golem's explicit targeting of Jewish 23andMe users is further conveyed by his use of the character 'Gollum' from The Lord of the Rings - a creature driven by greed with ugly and outsized facial features - as his profile picture."

A few hours later, a user with the alias "Wuhan" asked Golem if he had "Chinese accounts," according to the complaint. The next day, Golem leaked the data of 7 million users, saying in the post that the customer information included phenotype and health information, photos, and identification data.

Golem listed prices for the customer profiles at $1,000 for 100 profiles, $5,000 for 1,000 profiles, $20,000 for 10,000 profiles and $100,000 for 100,000 profiles.

Interest in the leaked Jewish and Chinese information was immediate and overwhelming following an Israeli bombing of a Palestinian hospital.

23andMe attempted to shift the blame to customers, telling them the breach was a result of customers using recycled login credentials from their accounts on other websites. Further, 23andMe then waited until December to report that 7 million customers were directly affected by the breach and didn't say anything about the data being sold on the dark web or that Jewish and Chinese customers were specifically targeted.

Levi Korsinsky, LLP is investigating whether affected customers are entitled to compensation. If you have received a notice about the data breach, you may be entitled to compensation. There is no cost or obligation to participate. Follow the link below to find out more:

https://bit.ly/3sYm8Cn

Levi & Korsinsky is a nationally recognized consumer advocacy law firm that has recovered hundreds of millions of dollars against large corporations. The firm's team of over 70 extraordinary attorneys and professionals have a winning track record going against the most powerful defense attorneys in the world and know how to maximize your compensation. The firm is a 100% contingency firm - we don't get paid unless you get paid! Please visit us as www.zlk.com for more information. Attorney Advertising. Prior results do not guarantee similar outcomes.

CONTACT:

Levi & Korsinsky, LLP
Joseph E. Levi, Esq.
Ed Korsinsky, Esq.
33 Whitehall Street, 17th Floor
New York, NY 10004
jlevi@levikorsinsky.com
Tel: (212) 363-7500
Fax: (212) 363-7171
https://zlk.com/

SOURCE: Levi & Korsinsky, LLP



View the original press release on accesswire.com

FAQ

What was the extent of the 23andMe data breach in December 2023?

The 23andMe data breach in December 2023 affected approximately 7 million users, with hackers specifically targeting and leaking personal genetic information of over 1 million Jewish customers and 350,000 Chinese customers.

How did 23andMe (ME) respond to the data breach?

23andMe initially attributed the breach to recycled login credentials, delayed reporting the full extent of the incident until December, and allegedly concealed the targeted nature of the attack against Jewish and Chinese customers.

What information was compromised in the 23andMe (ME) data breach?

The compromised information included genetic heritage, names, addresses, phenotype and health information, photos, and identification data of affected customers.

How were the stolen 23andMe (ME) customer profiles priced on the dark web?

The hacker priced the stolen customer profiles at $1,000 for 100 profiles, $5,000 for 1,000 profiles, $20,000 for 10,000 profiles, and $100,000 for 100,000 profiles on the dark web.

What legal action is being taken regarding the 23andMe (ME) data breach?

A class action complaint has been filed, and Levi & Korsinsky, LLP is investigating potential compensation for affected customers, particularly those with Ashkenazi Jewish heritage or Chinese ancestry in California, Illinois, Oregon, or Alaska.

23andMe Holding Co.

NASDAQ:ME

ME Rankings

ME Latest News

ME Stock Data

82.79M
18.44M
3.65%
33.33%
3.98%
Diagnostics & Research
Pharmaceutical Preparations
Link
United States of America
SUNNYVALE