23andMe Data Breach - Hackers Targeted Jewish and Chinese Users Data

Rhea-AI Summary

23andMe (NASDAQ:ME) was hacked in December 2023, compromising the data of approximately 7 million users. The breach specifically targeted Jewish and Chinese users, whose personal genetic information was sold on the dark web. The lawsuit claims that 23andMe did not inform users about the targeted nature of the breach and the sale of their data. The hacker, using the alias 'Golem,' leaked lists of Jewish and Chinese users in retaliation for current events, including the Israel-Hamas conflict. The company has been accused of shifting blame to users for using recycled passwords and failing to report the full extent of the breach promptly. Levi & Korsinsky, LLP is investigating potential compensation for affected customers.

Positive

• Ongoing investigation may offer compensation to affected users.
• Levi & Korsinsky, LLP is a respected law firm with a strong track record in recovering damages.

Negative

• Data breach affected 7 million users, exposing sensitive genetic information.
• Targeted data included Jewish and Chinese customers, increasing safety risks.
• Company delayed reporting the breach and omitted critical details about the data sale.
• Reputational damage due to mishandling of user data security.
• Potential legal and financial repercussions from class action lawsuits.
• Loss of customer trust and potential decline in user base.

Insights

Financial Analyst

23andMe is facing a significant crisis that could have lasting impacts on its financial stability and investor confidence. The data breach affecting 7 million users, particularly targeting Jewish and Chinese communities, is not just a technical issue but a grave privacy concern. Investors should note that this incident could lead to substantial litigation costs and settlements, especially as a class action lawsuit has already been filed. Beyond immediate financial liabilities, the long-term damage to the company's reputation could lead to a loss of customers and a decline in subscriber growth, which is important for revenue. The company’s failure to disclose critical details of the breach may also attract regulatory scrutiny, potentially resulting in fines and more stringent compliance requirements.

Financial metrics like revenue, profit margins and customer acquisition costs could be negatively impacted as a result. The delay in reporting and the lack of transparency will likely erode trust, which is a critical asset for any company handling sensitive personal data. Investors should watch for upcoming quarterly earnings reports to gauge the financial impact and any forward-looking statements from the management regarding mitigation strategies.

Legal Expert

The legal ramifications of the 23andMe data breach are extensive and complex. The nature of the breach, targeting specific ethnic groups and the subsequent concealment of these details by the company, could lead to multiple levels of legal challenges. Not only is there a class action lawsuit currently filed, but the company could also face additional lawsuits from affected individuals and possibly regulatory actions. Laws like the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) in Europe impose strict requirements on data protection and breach notifications. Failure to comply with these laws can result in severe penalties.

Furthermore, the specific targeting of Jewish and Chinese individuals could lead to allegations of discrimination and negligence, potentially intensifying the legal scrutiny. Investors should keep an eye on the progress of the class-action lawsuit and any announcements from regulatory bodies regarding investigations or fines. The legal proceedings are likely to be protracted and the final financial impact, including settlements or penalties, may not be clear for some time.

Data Security Expert

The breach at 23andMe reveals significant vulnerabilities in the company's cybersecurity framework. The targeted nature of the attack suggests that the hackers possibly had inside knowledge or found a specific weakness within the system. This raises questions about the adequacy of 23andMe’s security protocols and their ability to protect highly sensitive genetic data. For a company dealing with personal genetic information, robust security measures are not just a necessity but a critical business component. The fact that the breach was only reported two months later and without full disclosure, indicates lapses in both incident response and communication strategies.

Moving forward, the company will need to invest heavily in enhancing its cybersecurity infrastructure and possibly undergo external audits to regain trust. Implementing advanced encryption methods, regular security assessments and comprehensive employee training can help mitigate future risks. However, these measures will also come at a significant cost, impacting the company's operational budget and financial outlook. The incident serves as a stark reminder to investors about the importance of data security in today's digital age, especially for companies handling sensitive information.

NEW YORK, NY / ACCESSWIRE / June 3, 2024 / 23andMe (NASDAQ:ME) was hacked in December 2023, affecting approximately 7 million users of its genetic services website. According to a recently filed class complaint, hackers who infiltrated 23andMe's system were after the personal information of Jewish and Chinese customers, but the company hid that detail when notifying affected customers.

The hackers specifically targeted the personal genetic information of Jewish and Chinese customers and compiled that data - including genetic heritage, names, and addresses - into lists that were then sold on the dark web, but 23andMe concealed both those revelations when it announced the extent of the breach in December 2023.

According to the lawsuit, the hacker leaked a list of over 1 million Jewish customers expressly in retribution for the Israel-Hamas war. The hacker was also more than happy to leak a list of 350,000 Chinese customers upon request from a user with the alias "Wuhan."These lists generated a huge amount of interest from hackers on the dark web from all over the world and were shared and reshared an untold number of times.

The disclosure of these lists threatens the safety of those customers, including from the Chinese government, which has a long history of tracking Chinese citizens.

According to the lawsuit,to this day, 23andMe has not informed the 7 million compromised customers that their personal genetic information was disclosed on the dark web, nor has it told its Jewish and Chinese customers that they were specifically targeted.

IF YOU ARE A VULNERABLE person whose personal genetic information identifies you as having Ashkenazi Jewish heritage or Chinese ancestry, and/or live in California, Illinois, Oregon, or Alaska, please contact us to review your rights and eligibility for compensation:

https://bit.ly/3sYm8Cn

ADDITIONAL BACKGROUND:

According to a recently filed class action complaint, on Oct. 1, 2023, a hacker using the alias "Golem" leaked the 23andMe data of 1 million Ashkenazi Jews on Breach Forums, calling it "the most valuable data you'll ever see."

"Golem's explicit targeting of Jewish 23andMe users is further conveyed by his use of the character 'Gollum' from The Lord of the Rings - a creature driven by greed with ugly and outsized facial features - as his profile picture."

A few hours later, a user with the alias "Wuhan" asked Golem if he had "Chinese accounts," according to the complaint. The next day, Golem leaked the data of 7 million users, saying in the post that the customer information included phenotype and health information, photos, and identification data.

Golem listed prices for the customer profiles at $1,000 for 100 profiles, $5,000 for 1,000 profiles, $20,000 for 10,000 profiles and $100,000 for 100,000 profiles.

Interest in the leaked Jewish and Chinese information was immediate and overwhelming following an Israeli bombing of a Palestinian hospital.

23andMe attempted to shift the blame to customers, telling them the breach was a result of customers using recycled login credentials from their accounts on other websites.Further, 23andMe then waited until December to report that 7 million customers were directly affected by the breach and didn't say anything about the data being sold on the dark web or that Jewish and Chinese customers were specifically targeted.

Levi Korsinsky, LLP is investigating whether affected customers are entitled to compensation. If you have received a notice about the data breach, you may be entitled to compensation. There is no cost or obligation to participate. Follow the link below to find out more:

https://bit.ly/3sYm8Cn

Levi & Korsinsky is a nationally recognized consumer advocacy law firm that has recovered hundreds of millions of dollars against large corporations. The firm's team of over 70 extraordinary attorneys and professionals have a winning track record going against the most powerful defense attorneys in the world and know how to maximize your compensation. The firm is a 100% contingency firm - we don't get paid unless you get paid! Please visit us as www.zlk.com for more information. Attorney Advertising. Prior results do not guarantee similar outcomes.

Levi & Korsinsky, LLP
Joseph E. Levi, Esq.
33 Whitehall Street, 17th Floor
New York, NY 10004
jlevi@levikorsinsky.com
Tel: (212) 363-7500
Fax: (212) 363-7171
www.zlk.com

CONTACT:
Levi & Korsinsky, LLP
Joseph E. Levi, Esq.
Ed Korsinsky, Esq.
33 Whitehall Street, 17th Floor
New York, NY 10004
jlevi@levikorsinsky.com
Tel: (212) 363-7500
Fax: (212) 363-7171
https://zlk.com/

SOURCE: Levi & Korsinsky, LLP

View the original press release on accesswire.com

FAQ

What happened in the 23andMe data breach?

In December 2023, 23andMe was hacked, affecting about 7 million users' personal genetic information, particularly targeting Jewish and Chinese customers.

How many users were affected by the 23andMe hack?

Approximately 7 million users were affected by the 23andMe data breach.

Why were Jewish and Chinese users specifically targeted in the 23andMe breach?

Jewish and Chinese users were targeted due to the political climate and specific requests on dark web forums, such as the Israel-Hamas war and a user named 'Wuhan'.

What kind of data was stolen in the 23andMe hack?

The stolen data included genetic heritage, names, addresses, phenotype, health information, photos, and identification data.

Did 23andMe inform users about the data sale on the dark web?

No, 23andMe did not inform users that their data was being sold on the dark web or that Jewish and Chinese users were specifically targeted.

What legal actions are being taken against 23andMe for the data breach?

A class action lawsuit has been filed, and Levi & Korsinsky, LLP is investigating compensation for affected customers.

What was 23andMe's response to the data breach?

23andMe attributed the breach to users recycling passwords and delayed reporting the full extent of the breach.

How can 23andMe users seek compensation for the data breach?

Affected users can contact Levi & Korsinsky, LLP to review their rights and eligibility for compensation.