23andMe Data Breach - Hackers Targeted Jewish and Chinese Users Data
On May 17, 2024, 23andMe (NASDAQ:ME) disclosed a data breach from December 2023 that affected approximately 7 million users. Hackers specifically targeted Jewish and Chinese customers, selling their personal genetic information on the dark web. A class action lawsuit alleges that 23andMe concealed these details when informing customers about the breach. The targeted data included genetic heritage, names, and addresses. The breach has raised safety concerns, particularly for Chinese customers worried about government surveillance. The lawsuit claims that 23andMe has yet to notify affected users about the specific targeting and the sale of their data online.
- None.
- 7 million users affected by the data breach.
- Personal genetic information of Jewish and Chinese customers targeted and sold on the dark web.
- 23andMe allegedly concealed details when notifying users about the breach.
- Class action lawsuit filed against 23andMe.
- Safety concerns for Jewish and Chinese customers, including potential government surveillance.
- Company's credibility and customer trust potentially damaged.
- No notification to affected users about the specific targeting and sale of their data.
Insights
The data breach at 23andMe presents significant risks for the company's financial health. Immediate consequences include
Additionally, there is likely to be an erosion of consumer trust, leading to reduced sign-ups and potentially a higher churn rate among existing users. This can directly impact revenue. Investors should also consider potential regulatory fines and increased compliance costs moving forward.
In the short term, expect increased volatility in the stock price as the market reacts to the news and its potential fallout. In the long term, the company's ability to recover will depend on how effectively it manages this crisis, enhances its security measures and rebuilds trust with its user base.
This data breach exposes 23andMe to serious legal challenges. The class-action lawsuit already in motion can result in significant financial penalties and the company's alleged failure to disclose important details about the breach will likely exacerbate its liabilities. The nature of the data collected and sold, specifically targeting Jewish and Chinese users, adds a layer of complexity that could lead to additional legal repercussions and intensified scrutiny from advocacy groups.
Another critical aspect to consider is regulatory compliance. 23andMe might face sanctions from data protection authorities, especially if it is found to have violated data protection laws like GDPR in Europe or CCPA in California.
The breach at 23andMe highlights significant vulnerabilities in their data protection protocols. The nature of the data exposed – personal genetic information – is particularly sensitive and valuable. This breach underscores the importance of robust cybersecurity measures and regular audits to protect against such incidents.
It also raises questions about the company's incident response. The delayed reporting and failure to disclose critical aspects of the breach could indicate either a lack of transparency or a gap in their crisis management strategy. Enhancing both preventive and responsive measures will be vital for 23andMe to regain trust and ensure data security moving forward.
Investors should monitor how the company plans to upgrade its security infrastructure and whether these measures align with industry best practices.
NEW YORK, NY / ACCESSWIRE / May 17, 2024 / 23andMe (NASDAQ:ME) was hacked in December 2023, affecting approximately 7 million users of its genetic services website. According to a recently filed class complaint, hackers who infiltrated 23andMe's system were after the personal information of Jewish and Chinese customers, but the company hid that detail when notifying affected customers.
The hackers specifically targeted the personal genetic information of Jewish and Chinese customers and compiled that data - including genetic heritage, names, and addresses - into lists that were then sold on the dark web, but 23andMe concealed both those revelations when it announced the extent of the breach in December 2023.
According to the lawsuit, the hacker leaked a list of over 1 million Jewish customers expressly in retribution for the Israel-Hamas war. The hacker was also more than happy to leak a list of 350,000 Chinese customers upon request from a user with the alias "Wuhan."These lists generated a huge amount of interest from hackers on the dark web from all over the world and were shared and reshared an untold number of times.
The disclosure of these lists threatens the safety of those customers, including from the Chinese government, which has a long history of tracking Chinese citizens.
According to the lawsuit,to this day, 23andMe has not informed the 7 million compromised customers that their personal genetic information was disclosed on the dark web, nor has it told its Jewish and Chinese customers that they were specifically targeted.
IF YOU ARE A VULNERABLE person whose personal genetic information identifies you as having Ashkenazi Jewish heritage or Chinese ancestry, and/or live in California, Illinois, Oregon, or Alaska, please contact us to review your rights and eligibility for compensation:
ADDITIONAL BACKGROUND:
According to a recently filed class action complaint, on Oct. 1, 2023, a hacker using the alias "Golem" leaked the 23andMe data of 1 million Ashkenazi Jews on Breach Forums, calling it "the most valuable data you'll ever see."
"Golem's explicit targeting of Jewish 23andMe users is further conveyed by his use of the character 'Gollum' from The Lord of the Rings - a creature driven by greed with ugly and outsized facial features - as his profile picture."
A few hours later, a user with the alias "Wuhan" asked Golem if he had "Chinese accounts," according to the complaint. The next day, Golem leaked the data of 7 million users, saying in the post that the customer information included phenotype and health information, photos, and identification data.
Golem listed prices for the customer profiles at
Interest in the leaked Jewish and Chinese information was immediate and overwhelming following an Israeli bombing of a Palestinian hospital.
23andMe attempted to shift the blame to customers, telling them the breach was a result of customers using recycled login credentials from their accounts on other websites.Further, 23andMe then waited until December to report that 7 million customers were directly affected by the breach and didn't say anything about the data being sold on the dark web or that Jewish and Chinese customers were specifically targeted.
Levi Korsinsky, LLP is investigating whether affected customers are entitled to compensation. If you have received a notice about the data breach, you may be entitled to compensation. There is no cost or obligation to participate. Follow the link below to find out more:
Levi & Korsinsky is a nationally recognized consumer advocacy law firm that has recovered hundreds of millions of dollars against large corporations. The firm's team of over 70 extraordinary attorneys and professionals have a winning track record going against the most powerful defense attorneys in the world and know how to maximize your compensation. The firm is a
CONTACT:
Levi & Korsinsky, LLP
Joseph E. Levi, Esq.
Ed Korsinsky, Esq.
33 Whitehall Street, 17th Floor
New York, NY 10004
jlevi@levikorsinsky.com
Tel: (212) 363-7500
Fax: (212) 363-7171
https://zlk.com/
SOURCE: Levi & Korsinsky, LLP
View the original press release on accesswire.com
FAQ
What happened in the 23andMe data breach in December 2023?
How many users were affected by the 23andMe data breach?
Which customers were specifically targeted in the 23andMe data breach?
What type of information was compromised in the 23andMe data breach?
Has 23andMe informed the affected users about their data being sold on the dark web?
What actions have been taken against 23andMe following the data breach?
What are the implications of the 23andMe data breach for Chinese and Jewish customers?
