23andMe Data Breach - Hackers Targeted Jewish and Chinese Users Data
On May 22, 2024, 23andMe disclosed a major data breach that occurred in December 2023, affecting approximately 7 million users. Hackers targeted Jewish and Chinese users' personal genetic information, selling it on the dark web. Despite knowing the specifics, 23andMe did not inform the affected users of the ethnic targeting or the extent of the breach. A class action lawsuit has been filed, claiming the breach has endangered the safety of those listed, especially from governmental tracking. The lawsuit also mentions that the company tried to blame users for reusing login credentials.
- No positive business aspects are noted in this press release for 23andMe.
- Data breach affected about 7 million users, potentially harming the company's reputation and trustworthiness.
- Hackers specifically targeted Jewish and Chinese customers, which could lead to increased scrutiny and legal implications.
- The company failed to inform users about the extent of the breach and targeted ethnic groups, potentially damaging customer relations.
- The lawsuit claims that the breach has endangered the safety of affected individuals, which may lead to significant legal consequences for 23andMe.
- 23andMe's attempt to blame customers for reused login credentials could be viewed negatively by the public and regulators.
- Potential financial losses due to legal settlements and increased security measures.
Insights
The 23andMe data breach is a significant event in the realm of cybersecurity, particularly due to the sensitive nature of the data involved—genetic information. The breach not only exposed personal details but also sensitive genetic data, which poses a significant threat to user privacy and security. Genetic data is unique and immutable, which means once it's leaked, the implications are long-lasting and potentially severe.
Additionally, the targeted nature of the breach, specifically focusing on Jewish and Chinese users, adds a layer of social and geopolitical complexity. This targeting indicates that hackers are not just after financial gain but may also have social or political motives. This is concerning as it highlights vulnerabilities in how genetic data is managed and protected, potentially making such data a target for future attacks with various motives.
For investors, this breach raises red flags about 23andMe's cybersecurity protocols and crisis management strategies. The company’s delayed disclosure and failure to inform affected users about the specific targeting could damage trust and brand reputation, leading to user attrition and legal consequences. Long-term impacts might include increased costs for enhanced security measures and potential liabilities from lawsuits, which could strain financial resources.
This event underscores the critical need for robust data protection measures and transparent communication strategies in handling breaches. Investors should closely monitor how 23andMe addresses these issues and the resulting legal and financial ramifications.
The legal implications of the 23andMe data breach are substantial. The company is facing a class-action lawsuit, which could result in significant financial penalties and compensation payouts. The breach violates privacy laws, including regulations like the California Consumer Privacy Act (CCPA) and potentially the General Data Protection Regulation (GDPR) if European users are involved.
The specificity of the breach—targeting Jewish and Chinese users—could also lead to additional legal scrutiny under anti-discrimination laws. The fact that 23andMe allegedly concealed the extent of the breach and the targeted nature of the data adds a layer of complexity to the legal proceedings. This could be seen as a failure in their duty to protect and inform their customers, potentially aggravating legal consequences.
For investors, the legal fallout could be extensive. The costs associated with litigation, settlements and fines could be substantial, impacting the company’s financial performance. Moreover, the legal issues could lead to stricter regulatory oversight, which may require additional compliance costs and affect operational flexibility.
It will be important for investors to follow the progress of the lawsuit and any regulatory actions closely, as these will directly influence the company’s financial health and stock performance.
The financial repercussions of 23andMe's data breach could be profound. Beyond the immediate costs associated with the breach itself—such as forensic investigations, legal fees and potential settlements—the company could face longer-term financial impacts. The breach could erode consumer trust, leading to a decline in user base and revenue. Additionally, the need to enhance cybersecurity measures could lead to increased operational costs.
Investors should be aware that such incidents often lead to stock volatility. Historically, companies experiencing significant data breaches typically see a decline in their stock value as the market reacts to potential risks and uncertainties. The extent of the impact on stock value will depend on how effectively 23andMe manages the breach aftermath and restores trust among its customers.
Long-term, the company may need to increase investments in data protection and customer outreach to rebuild its reputation. This might affect profitability and cash flows, influencing dividend payouts and stock buybacks. Furthermore, if the company faces heightened regulatory demands, compliance costs could rise, affecting net margins.
In summary, while the immediate financial impact is concerning, the longer-term effects on customer trust, operational costs and regulatory compliance will be critical factors to monitor for investors.
NEW YORK, NY / ACCESSWIRE / May 22, 2024 / 23andMe (NASDAQ:ME) was hacked in December 2023, affecting approximately 7 million users of its genetic services website. According to a recently filed class complaint, hackers who infiltrated 23andMe's system were after the personal information of Jewish and Chinese customers, but the company hid that detail when notifying affected customers.
The hackers specifically targeted the personal genetic information of Jewish and Chinese customers and compiled that data - including genetic heritage, names, and addresses - into lists that were then sold on the dark web, but 23andMe concealed both those revelations when it announced the extent of the breach in December 2023.
According to the lawsuit, the hacker leaked a list of over 1 million Jewish customers expressly in retribution for the Israel-Hamas war. The hacker was also more than happy to leak a list of 350,000 Chinese customers upon request from a user with the alias "Wuhan."These lists generated a huge amount of interest from hackers on the dark web from all over the world and were shared and reshared an untold number of times.
The disclosure of these lists threatens the safety of those customers, including from the Chinese government, which has a long history of tracking Chinese citizens.
According to the lawsuit,to this day, 23andMe has not informed the 7 million compromised customers that their personal genetic information was disclosed on the dark web, nor has it told its Jewish and Chinese customers that they were specifically targeted.
IF YOU ARE A VULNERABLE person whose personal genetic information identifies you as having Ashkenazi Jewish heritage or Chinese ancestry, and/or live in California, Illinois, Oregon, or Alaska, please contact us to review your rights and eligibility for compensation:
ADDITIONAL BACKGROUND:
According to a recently filed class action complaint, on Oct. 1, 2023, a hacker using the alias "Golem" leaked the 23andMe data of 1 million Ashkenazi Jews on Breach Forums, calling it "the most valuable data you'll ever see."
"Golem's explicit targeting of Jewish 23andMe users is further conveyed by his use of the character 'Gollum' from The Lord of the Rings - a creature driven by greed with ugly and outsized facial features - as his profile picture."
A few hours later, a user with the alias "Wuhan" asked Golem if he had "Chinese accounts," according to the complaint. The next day, Golem leaked the data of 7 million users, saying in the post that the customer information included phenotype and health information, photos, and identification data.
Golem listed prices for the customer profiles at
Interest in the leaked Jewish and Chinese information was immediate and overwhelming following an Israeli bombing of a Palestinian hospital.
23andMe attempted to shift the blame to customers, telling them the breach was a result of customers using recycled login credentials from their accounts on other websites.Further, 23andMe then waited until December to report that 7 million customers were directly affected by the breach and didn't say anything about the data being sold on the dark web or that Jewish and Chinese customers were specifically targeted.
Levi Korsinsky, LLP is investigating whether affected customers are entitled to compensation. If you have received a notice about the data breach, you may be entitled to compensation. There is no cost or obligation to participate. Follow the link below to find out more:
Levi & Korsinsky is a nationally recognized consumer advocacy law firm that has recovered hundreds of millions of dollars against large corporations. The firm's team of over 70 extraordinary attorneys and professionals have a winning track record going against the most powerful defense attorneys in the world and know how to maximize your compensation. The firm is a
CONTACT:
Levi & Korsinsky, LLP
Joseph E. Levi, Esq.
Ed Korsinsky, Esq.
33 Whitehall Street, 17th Floor
New York, NY 10004
jlevi@levikorsinsky.com
Tel: (212) 363-7500
Fax: (212) 363-7171
https://zlk.com/
SOURCE: Levi & Korsinsky, LLP
View the original press release on accesswire.com
FAQ
What happened in the 23andMe data breach?
How many users were affected by the 23andMe data breach?
Which user groups were specifically targeted in the 23andMe hack?
What type of information was compromised in the 23andMe data breach?
Did 23andMe inform users about the targeted ethnic groups in the data breach?