23andMe Data Breach - Hackers Targeted Jewish and Chinese Users Data
- None.
- 23andMe (ME) faced a significant data breach, compromising the personal genetic information of 7 million users, with a focus on Jewish and Chinese customers. The breach has raised concerns about customer safety and potential government tracking. The company's delayed response and lack of disclosure to affected customers have resulted in a class-action lawsuit.
Insights
The incident involving 23andMe represents a significant cybersecurity failure with substantial implications for privacy and data protection. The targeted nature of the hack, focusing on specific ethnic groups, elevates the concern as it suggests a potential for discriminatory practices and heightened risks for those populations. The sale of this sensitive data on the dark web could lead to a range of malicious activities, from identity theft to targeted phishing attacks.
From a cybersecurity perspective, the delay in disclosing the full extent of the breach is troubling. It raises questions about the company's incident response protocols and transparency with its users. Companies holding sensitive data are expected to have robust security measures in place and to act swiftly when those measures fail. The impact on 23andMe's reputation and customer trust could be severe, potentially affecting user retention and stock valuation.
The legal ramifications of this data breach could be extensive for 23andMe. The lawsuit alleges that the company failed to adequately inform affected customers, a potential violation of various data protection laws such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) if European citizens are involved. The specificity of the targeting could also introduce elements of discrimination law.
Moreover, the fact that 23andMe is accused of concealing the targeted nature of the hack could exacerbate their legal liability and lead to punitive damages. This could have a significant impact on the company's financials, as legal costs and potential settlements or fines could be substantial. Investors should be aware of the potential for long-term financial repercussions and the possibility of regulatory scrutiny that could affect the company's operations.
The disclosure of the 23andMe data breach is likely to have immediate and potentially long-term financial implications for the company. In the short term, the company may face a decline in stock price as investors react to the uncertainty and potential costs associated with the breach. This includes direct costs such as legal fees and settlements, as well as indirect costs like increased security measures and potential loss of customers.
In the longer term, the company's brand image and competitive position could suffer, impacting its ability to attract and retain customers. This could result in decreased revenue streams and potentially impact future earnings. Additionally, if the breach results in regulatory fines or changes in legislation, 23andMe could face increased operational costs. Investors will need to monitor the situation closely to understand the full financial impact as the legal process unfolds and the market responds.
NEW YORK, NY / ACCESSWIRE / February 21, 2024 / 23andMe (NASDAQ:ME) was hacked in December 2023, affecting approximately 7 million users of its genetic services website. According to a recently filed class complaint, hackers who infiltrated 23andMe's system were after the personal information of Jewish and Chinese customers, but the company hid that detail when notifying affected customers.
The hackers specifically targeted the personal genetic information of Jewish and Chinese customers and compiled that data - including genetic heritage, names, and addresses - into lists that were then sold on the dark web, but 23andMe concealed both those revelations when it announced the extent of the breach in December 2023.
According to the lawsuit, the hacker leaked a list of over 1 million Jewish customers expressly in retribution for the Israel-Hamas war. The hacker was also more than happy to leak a list of 350,000 Chinese customers upon request from a user with the alias "Wuhan."These lists generated a huge amount of interest from hackers on the dark web from all over the world and were shared and reshared an untold number of times.
The disclosure of these lists threatens the safety of those customers, including from the Chinese government, which has a long history of tracking Chinese citizens.
According to the lawsuit,to this day, 23andMe has not informed the 7 million compromised customers that their personal genetic information was disclosed on the dark web, nor has it told its Jewish and Chinese customers that they were specifically targeted.
IF YOU ARE A VULNERABLE person whose personal genetic information identifies you as having Ashkenazi Jewish heritage or Chinese ancestry, and/or live in California, Illinois, Oregon, or Alaska, please contact us to review your rights and eligibility for compensation:
ADDITIONAL BACKGROUND:
According to a recently filed class action complaint, on Oct. 1, 2023, a hacker using the alias "Golem" leaked the 23andMe data of 1 million Ashkenazi Jews on Breach Forums, calling it "the most valuable data you'll ever see."
"Golem's explicit targeting of Jewish 23andMe users is further conveyed by his use of the character 'Gollum' from The Lord of the Rings - a creature driven by greed with ugly and outsized facial features - as his profile picture."
A few hours later, a user with the alias "Wuhan" asked Golem if he had "Chinese accounts," according to the complaint. The next day, Golem leaked the data of 7 million users, saying in the post that the customer information included phenotype and health information, photos, and identification data.
Golem listed prices for the customer profiles at
Interest in the leaked Jewish and Chinese information was immediate and overwhelming following an Israeli bombing of a Palestinian hospital.
23andMe attempted to shift the blame to customers, telling them the breach was a result of customers using recycled login credentials from their accounts on other websites.Further, 23andMe then waited until December to report that 7 million customers were directly affected by the breach and didn't say anything about the data being sold on the dark web or that Jewish and Chinese customers were specifically targeted.
Levi Korsinsky, LLP is investigating whether affected customers are entitled to compensation. If you have received a notice about the data breach, you may be entitled to compensation. There is no cost or obligation to participate. Follow the link below to find out more:
Levi & Korsinsky is a nationally recognized consumer advocacy law firm that has recovered hundreds of millions of dollars against large corporations. The firm's team of over 70 extraordinary attorneys and professionals have a winning track record going against the most powerful defense attorneys in the world and know how to maximize your compensation. The firm is a
Levi & Korsinsky, LLP
Joseph E. Levi, Esq.
33 Whitehall Street, 17th Floor
New York, NY 10004
jlevi@levikorsinsky.com
Tel: (212) 363-7500
Fax: (212) 363-7171
www.zlk.com
CONTACT:
Levi & Korsinsky, LLP
Joseph E. Levi, Esq.
Ed Korsinsky, Esq.
33 Whitehall Street, 17th Floor
New York, NY 10004
jlevi@levikorsinsky.com
Tel: (212) 363-7500
Fax: (212) 363-7171
https://zlk.com/
SOURCE: Levi & Korsinsky, LLP
View the original press release on accesswire.com
FAQ
What was the impact of the data breach on 23andMe (ME) users?
How did the hackers use the compromised data from 23andMe (ME)?
Why is the breach particularly concerning for Jewish and Chinese customers of 23andMe (ME)?
What actions has 23andMe (ME) taken following the data breach?
What legal implications has the data breach brought upon 23andMe (ME)?
