DATA BREACH - 23andMe Jewish & Chinese Consumers May be Affected
23andMe (NASDAQ:ME) faced a significant data breach in December 2023, affecting 7 million users. A recent class action complaint reveals that hackers targeted the genetic information of Jewish and Chinese customers, selling this data on the dark web. The breach was allegedly hidden from affected users by the company, who did not disclose the specific targeting of Jewish and Chinese users. The data leak occurred on October 1, 2023, and included sensitive information such as phenotype and health data. This incident has led to significant safety concerns for the affected individuals. Legal firm Levi & Korsinsky, LLP is investigating the breach and potential compensation for affected users.
- 23andMe is addressing the data breach through legal channels, which may provide resolution and compensation for affected users.
- The company's reaction could lead to improved data security measures in the future.
- The data breach affected 7 million users, including sensitive genetic information.
- The hackers targeted Jewish and Chinese customers, posing significant safety concerns.
- 23andMe reportedly concealed the extent and specifics of the breach from affected customers.
- Sensitive data was sold on the dark web, increasing the risk of misuse.
- The company's delayed response may have damaged trust and customer confidence.
- The incident has led to legal actions, which could result in financial and reputational damage.
Insights
Data breaches have become a growing concern in recent years and this particular incident involving 23andMe is notable due to its targeted nature and the sensitivity of the information compromised. Genetic data is extremely personal and can have profound implications for individuals if misused. The breach's specific focus on Jewish and Chinese customers adds an additional layer of complexity and highlights the growing trend of socio-political motivations behind cyber-attacks.
The decision by 23andMe to initially withhold details about the targeting of specific ethnic groups and the extent of the data sold on the dark web is troubling. This lack of transparency can erode customer trust, especially in a company that handles such sensitive data. It also raises questions about their internal security measures and their ability to protect user data effectively. Investors should be aware that data breaches can lead to severe financial penalties, increased regulatory scrutiny and long-term damage to a company's reputation.
From a cybersecurity standpoint, this incident underscores the importance of robust security protocols, including frequent audits, employee training and the implementation of advanced threat detection systems. Companies must also be transparent with their customers about the extent of breaches and the steps being taken to mitigate them.
The breach of 23andMe's database and subsequent filing of a class action lawsuit highlight significant legal ramifications. Companies in possession of sensitive personal data are bound by data protection regulations such as GDPR in Europe and CCPA in California. These regulations mandate strict guidelines for reporting breaches and protecting consumer data. The delay and lack of transparency in notifying affected users can lead to substantial fines and legal penalties.
Furthermore, the targeted nature of the breach—specifically focusing on Jewish and Chinese customers—raises issues of discrimination and failure to safeguard against targeted attacks. This could impose additional liabilities on 23andMe, beyond the typical repercussions of a data breach.
Investors should consider the potential legal costs associated with the class action lawsuit and the possible impact on the company's financial stability. Legal battles can drain resources and unfavorable outcomes could lead to significant financial settlements, further compounding the company's woes.
For a company like 23andMe, which relies heavily on consumer trust to build its customer base, the implications of this data breach are profound. The breach not only affects user data but also diminishes the trust customers place in the company to protect their highly sensitive genetic information. This can lead to a decline in user growth and an increase in customer churn.
The market's response to similar breaches in other companies often indicates a short-term dip in stock prices, followed by a longer-term struggle to regain consumer confidence. Investors should be cautious of the potential for decreased revenue and increased marketing expenditures aimed at rebuilding the brand's reputation.
Moreover, the disclosure that 23andMe attempted to shift blame onto users for using recycled passwords can further harm the company's image, painting it as evasive and unaccountable. This can exacerbate the negative sentiment among both consumers and investors.
NEW YORK, NY / ACCESSWIRE / May 31, 2024 / 23andMe (NASDAQ:ME) was hacked in December 2023, affecting approximately 7 million users of its genetic services website. According to a recently filed class complaint, hackers who infiltrated 23andMe's system were after the personal information of Jewish and Chinese customers, but the company hid that detail when notifying affected customers.
The hackers specifically targeted the personal genetic information of Jewish and Chinese customers and compiled that data - including genetic heritage, names, and addresses - into lists that were then sold on the dark web, but 23andMe concealed both those revelations when it announced the extent of the breach in December 2023.
According to the lawsuit, the hacker leaked a list of over 1 million Jewish customers expressly in retribution for the Israel-Hamas war. The hacker was also more than happy to leak a list of 350,000 Chinese customers upon request from a user with the alias "Wuhan."These lists generated a huge amount of interest from hackers on the dark web from all over the world and were shared and reshared an untold number of times.
The disclosure of these lists threatens the safety of those customers, including from the Chinese government, which has a long history of tracking Chinese citizens.
According to the lawsuit,to this day, 23andMe has not informed the 7 million compromised customers that their personal genetic information was disclosed on the dark web, nor has it told its Jewish and Chinese customers that they were specifically targeted.
IF YOU ARE A VULNERABLE person whose personal genetic information identifies you as having Ashkenazi Jewish heritage or Chinese ancestry, and/or live in California, Illinois, Oregon, or Alaska, please contact us to review your rights and eligibility for compensation:
ADDITIONAL BACKGROUND:
According to a recently filed class action complaint, on Oct. 1, 2023, a hacker using the alias "Golem" leaked the 23andMe data of 1 million Ashkenazi Jews on Breach Forums, calling it "the most valuable data you'll ever see."
"Golem's explicit targeting of Jewish 23andMe users is further conveyed by his use of the character 'Gollum' from The Lord of the Rings - a creature driven by greed with ugly and outsized facial features - as his profile picture."
A few hours later, a user with the alias "Wuhan" asked Golem if he had "Chinese accounts," according to the complaint. The next day, Golem leaked the data of 7 million users, saying in the post that the customer information included phenotype and health information, photos, and identification data.
Golem listed prices for the customer profiles at
Interest in the leaked Jewish and Chinese information was immediate and overwhelming following an Israeli bombing of a Palestinian hospital.
23andMe attempted to shift the blame to customers, telling them the breach was a result of customers using recycled login credentials from their accounts on other websites.Further, 23andMe then waited until December to report that 7 million customers were directly affected by the breach and didn't say anything about the data being sold on the dark web or that Jewish and Chinese customers were specifically targeted.
Levi Korsinsky, LLP is investigating whether affected customers are entitled to compensation. If you have received a notice about the data breach, you may be entitled to compensation. There is no cost or obligation to participate. Follow the link below to find out more:
Levi & Korsinsky is a nationally recognized consumer advocacy law firm that has recovered hundreds of millions of dollars against large corporations. The firm's team of over 70 extraordinary attorneys and professionals have a winning track record going against the most powerful defense attorneys in the world and know how to maximize your compensation. The firm is a
Levi & Korsinsky, LLP
Joseph E. Levi, Esq.
33 Whitehall Street, 17th Floor
New York, NY 10004
jlevi@levikorsinsky.com
Tel: (212) 363-7500
Fax: (212) 363-7171
www.zlk.com
CONTACT:
Levi & Korsinsky, LLP
Joseph E. Levi, Esq.
Ed Korsinsky, Esq.
33 Whitehall Street, 17th Floor
New York, NY 10004
jlevi@levikorsinsky.com
Tel: (212) 363-7500
Fax: (212) 363-7171
https://zlk.com/
SOURCE: Levi & Korsinsky, LLP
View the original press release on accesswire.com
FAQ
What happened in the 23andMe data breach?
Which groups were specifically targeted in the 23andMe data breach?
How many users were affected by the 23andMe data breach?
What type of information was compromised in the 23andMe data breach?
Did 23andMe disclose the specific targeting of Jewish and Chinese customers?
What actions is 23andMe facing due to the data breach?