23andMe Holding Co (NASDAQ: ME) Jewish and Chinese Users
23andMe (NASDAQ: ME) faced a major data breach in December 2023, affecting approximately 7 million users. A class action lawsuit alleges that hackers specifically targeted Jewish and Chinese customers' genetic information, compiling and selling it on the dark web. The breach reportedly exposed data of over 1 million Jewish customers and 350,000 Chinese customers.
Key points:
- Hackers targeted personal genetic information, names, and addresses of Jewish and Chinese customers
- Data was sold on the dark web, with prices ranging from $1,000 for 100 profiles to $100,000 for 100,000 profiles
- 23andMe allegedly concealed the targeted nature of the breach when notifying affected customers
- The company initially blamed the breach on customers using recycled login credentials
- A class action lawsuit is being pursued for affected customers, particularly those with Ashkenazi Jewish heritage or Chinese ancestry
23andMe (NASDAQ: ME) ha subito una violazione dei dati significativa nel dicembre 2023, che ha colpito circa 7 milioni di utenti. Una causa collettiva sostiene che gli hacker abbiano mirato specificamente alle informazioni genetiche dei clienti ebrei e cinesi, compilando e vendendo tali dati nel dark web. Si riporta che la violazione ha esposto i dati di oltre 1 milione di clienti ebrei e 350.000 clienti cinesi.
Punti chiave:
- Gli hacker hanno preso di mira informazioni genetiche personali, nomi e indirizzi di clienti ebrei e cinesi
- I dati sono stati venduti nel dark web, con prezzi che variano da $1.000 per 100 profili a $100.000 per 100.000 profili
- 23andMe avrebbe nascosto la natura mirata della violazione durante la notifica ai clienti interessati
- L’azienda inizialmente ha incolpato la violazione su clienti che utilizzavano credenziali di accesso riciclate
- È in corso una causa collettiva per i clienti colpiti, in particolare quelli con origini ebraiche ashkenazite o cinesi
23andMe (NASDAQ: ME) enfrentó una importante violación de datos en diciembre de 2023, afectando aproximadamente a 7 millones de usuarios. Una demanda colectiva alega que los hackers apuntaron específicamente a la información genética de clientes judíos y chinos, compilando y vendiendo estos datos en la deep web. Se informa que la violación expuso los datos de más de 1 millón de clientes judíos y 350,000 clientes chinos.
Puntos clave:
- Los hackers apuntaron a información genética personal, nombres y direcciones de clientes judíos y chinos
- Los datos fueron vendidos en la deep web, con precios que van desde $1,000 por 100 perfiles hasta $100,000 por 100,000 perfiles
- 23andMe supuestamente ocultó la naturaleza específica de la violación al notificar a los clientes afectados
- La compañía inicialmente culpó la violación a los clientes que usaban credenciales recicladas
- Se está llevando a cabo una demanda colectiva para los clientes afectados, especialmente aquellos con ascendencia judía ashkenazí o china
23andMe (NASDAQ: ME)는 2023년 12월 심각한 데이터 유출 사건을 겪어 약 700만 사용자에게 영향을 미쳤습니다. 집단 소송은 해커가 특히 유대인 및 중국 고객의 유전자 정보를 겨냥하여 이를 수집하고 다크 웹에서 판매했다고 주장하고 있습니다. 이 유출로 약 100만 명의 유대인 고객과 35만 명의 중국 고객의 데이터가 노출된 것으로 보고되고 있습니다.
주요 사항:
- 해커는 유대인 및 중국 고객의 개인 유전자 정보, 이름 및 주소를 겨냥했습니다
- 데이터는 다크 웹에서 판매되었으며, 100 프로필에 대해 $1,000에서 100,000 프로필에 대해 $100,000까지의 가격이 부과되었습니다
- 23andMe는 영향을 받은 고객에게 통보할 때 유출의 특수성을 숨겼다고 전해집니다
- 회사는 처음에 유출의 원인을 재활용된 로그인 자격 증명을 사용하는 고객에게 돌렸습니다
- 특히 아슈케나즘 유대인 혈통이나 중국 혈통을 가진 피해 고객들을 위한 집단 소송이 진행되고 있습니다
23andMe (NASDAQ: ME) a subi une importante violation de données en décembre 2023, affectant environ 7 millions d'utilisateurs. Un recours collectif allègue que des hackers ont spécifiquement ciblé les informations génétiques des clients juifs et chinois, les compilant et les vendant sur le dark web. Selon les rapports, la violation aurait exposé les données de plus d'un million de clients juifs et 350 000 clients chinois.
Points clés :
- Les hackers ont ciblé les informations génétiques personnelles, les noms et les adresses des clients juifs et chinois
- Les données ont été vendues sur le dark web, avec des prix allant de 1 000 $ pour 100 profils à 100 000 $ pour 100 000 profils
- 23andMe aurait dissimulé la nature ciblée de la violation lors de la notification des clients concernés
- L'entreprise a initialement blâmé la violation sur des clients utilisant des identifiants de connexion recyclés
- Un recours collectif est en cours pour les clients touchés, en particulier ceux ayant des origines juives ashkénazes ou chinoises
23andMe (NASDAQ: ME) hatte im Dezember 2023 einen schweren Datenmissbrauch, der etwa 7 Millionen Nutzer betraf. Eine Sammelklage behauptet, dass Hacker gezielt genetische Informationen von jüdischen und chinesischen Kunden anvisierten, diese sammelten und im Dark Web verkauften. Berichten zufolge wurden die Daten von über 1 Million jüdischen Kunden und 350.000 chinesischen Kunden offengelegt.
Hauptpunkte:
- Hacker zielten auf persönliche genetische Informationen, Namen und Adressen von jüdischen und chinesischen Kunden ab
- Daten wurden im Dark Web verkauft, die Preise reichten von 1.000 $ für 100 Profile bis zu 100.000 $ für 100.000 Profile
- 23andMe soll die gezielte Natur des Vorfalls bei der Benachrichtigung betroffener Kunden verschwiegen haben
- Das Unternehmen gab zunächst den Kunden die Schuld, die recycelte Anmeldedaten verwendeten
- Eine Sammelklage wird für betroffene Kunden, insbesondere für solche mit aschkenasischer jüdischer Abstammung oder chinesischer Abstammung, verfolgt
- None.
- Major data breach affecting approximately 7 million users
- Targeted exposure of Jewish and Chinese customers' genetic information
- Personal data sold on the dark web, compromising user privacy and safety
- Potential legal and financial consequences from class action lawsuit
- Reputational damage due to alleged concealment of breach details
Insights
This data breach at 23andMe is extremely concerning from a cybersecurity standpoint. The targeted nature of the attack, focusing on specific ethnic groups, adds a layer of complexity and potential for harm beyond typical data breaches. The alleged concealment of important details about the breach by 23andMe is particularly troubling, as it may have prevented affected users from taking necessary precautions.
The sale of genetic data on the dark web poses significant privacy risks. Genetic information is uniquely sensitive, as it can't be changed like passwords or credit card numbers. This breach could have long-lasting implications for affected individuals, potentially exposing them to discrimination, identity theft, or even physical harm.
From a security perspective, 23andMe's initial response blaming users for recycled credentials seems inadequate. While password hygiene is important, companies holding such sensitive data must implement robust security measures, including multi-factor authentication and advanced threat detection systems.
This situation presents significant legal challenges for 23andMe. The company may face substantial liability under various data protection laws, including the California Consumer Privacy Act (CCPA) and potentially the EU's General Data Protection Regulation (GDPR) if European citizens are affected.
The alleged concealment of critical information about the breach could be viewed as a violation of data breach notification laws, which typically require timely and comprehensive disclosure. This could lead to regulatory fines and penalties.
The class action lawsuit is likely to focus on 23andMe's duty of care in protecting sensitive genetic information and its response to the breach. The targeted nature of the attack against specific ethnic groups could potentially lead to claims of discrimination or failure to adequately protect vulnerable populations.
If the allegations are proven, 23andMe may face substantial financial and reputational damage, potentially including compensatory damages, punitive damages and costs associated with identity theft protection for affected users.
This breach raises profound ethical concerns regarding the handling of genetic data. The targeted nature of the attack against Jewish and Chinese individuals highlights the potential for genetic information to be weaponized for discriminatory purposes. This incident underscores the need for stringent ethical guidelines and regulatory frameworks in genetic testing services.
The alleged concealment of important information by 23andMe is ethically problematic, as it potentially denied affected individuals the right to make informed decisions about their personal safety and privacy. This breach may erode public trust in genetic testing services, potentially hampering valuable medical research that relies on such data.
Moreover, the incident raises questions about the long-term implications of genetic data collection. As this information cannot be changed or reclaimed once leaked, it poses lifelong risks to affected individuals and potentially their relatives. This case may serve as a catalyst for more robust discussions on the ethical responsibilities of companies handling genetic data and the need for enhanced protections for consumers.
NEW YORK, NY / ACCESSWIRE / August 8, 2024 / 23andMe (NASDAQ:ME) was hacked in December 2023, affecting approximately 7 million users of its genetic services website. According to a recently filed class complaint, hackers who infiltrated 23andMe's system were after the personal information of Jewish and Chinese customers, but the company hid that detail when notifying affected customers.
The hackers specifically targeted the personal genetic information of Jewish and Chinese customers and compiled that data - including genetic heritage, names, and addresses - into lists that were then sold on the dark web, but 23andMe concealed both those revelations when it announced the extent of the breach in December 2023.
According to the lawsuit, the hacker leaked a list of over 1 million Jewish customers expressly in retribution for the Israel-Hamas war. The hacker was also more than happy to leak a list of 350,000 Chinese customers upon request from a user with the alias "Wuhan." These lists generated a huge amount of interest from hackers on the dark web from all over the world and were shared and reshared an untold number of times.
The disclosure of these lists threatens the safety of those customers, including from the Chinese government, which has a long history of tracking Chinese citizens.
According to the lawsuit, to this day, 23andMe has not informed the 7 million compromised customers that their personal genetic information was disclosed on the dark web, nor has it told its Jewish and Chinese customers that they were specifically targeted.
IF YOU ARE A VULNERABLE person whose personal genetic information identifies you as having Ashkenazi Jewish heritage or Chinese ancestry, and/or live in California, Illinois, Oregon, or Alaska, please contact us to review your rights and eligibility for compensation:
ADDITIONAL BACKGROUND:
According to a recently filed class action complaint, on Oct. 1, 2023, a hacker using the alias "Golem" leaked the 23andMe data of 1 million Ashkenazi Jews on Breach Forums, calling it "the most valuable data you'll ever see."
"Golem's explicit targeting of Jewish 23andMe users is further conveyed by his use of the character 'Gollum' from The Lord of the Rings - a creature driven by greed with ugly and outsized facial features - as his profile picture."
A few hours later, a user with the alias "Wuhan" asked Golem if he had "Chinese accounts," according to the complaint. The next day, Golem leaked the data of 7 million users, saying in the post that the customer information included phenotype and health information, photos, and identification data.
Golem listed prices for the customer profiles at
Interest in the leaked Jewish and Chinese information was immediate and overwhelming following an Israeli bombing of a Palestinian hospital.
23andMe attempted to shift the blame to customers, telling them the breach was a result of customers using recycled login credentials from their accounts on other websites. Further, 23andMe then waited until December to report that 7 million customers were directly affected by the breach and didn't say anything about the data being sold on the dark web or that Jewish and Chinese customers were specifically targeted.
Levi Korsinsky, LLP is investigating whether affected customers are entitled to compensation. If you have received a notice about the data breach, you may be entitled to compensation. There is no cost or obligation to participate. Follow the link below to find out more:
Levi & Korsinsky is a nationally recognized consumer advocacy law firm that has recovered hundreds of millions of dollars against large corporations. The firm's team of over 70 extraordinary attorneys and professionals have a winning track record going against the most powerful defense attorneys in the world and know how to maximize your compensation. The firm is a
CONTACT:
Levi & Korsinsky, LLP
Joseph E. Levi, Esq.
Ed Korsinsky, Esq.
33 Whitehall Street, 17th Floor
New York, NY 10004
jlevi@levikorsinsky.com
Tel: (212) 363-7500
Fax: (212) 363-7171
https://zlk.com/
SOURCE: Levi & Korsinsky, LLP
View the original press release on accesswire.com
FAQ
What was the extent of the 23andMe data breach in December 2023?
How were 23andMe (ME) customers' data compromised in the breach?
What is the price range for the stolen 23andMe (ME) customer profiles on the dark web?
How did 23andMe (ME) initially respond to the data breach?
What legal action is being taken against 23andMe (ME) regarding the data breach?
