DATA BREACH- 23andMe Jewish & Chinese Consumers May be Affected
- The hack affected approximately 7 million users of 23andMe's genetic services website
- Hackers targeted the personal genetic information of Jewish and Chinese customers
- The company concealed these details when notifying affected customers
- A class action lawsuit has been filed against 23andMe for failing to inform its customers about the extent of the breach and the specific targeting of Jewish and Chinese customers
- The company's attempt to shift the blame to customers and the delayed reporting of the breach further complicate the situation
- The company concealed the specific targeting of Jewish and Chinese customers when notifying affected customers
- The delayed reporting of the breach poses a threat to the safety of the compromised customers
Insights
The incident involving 23andMe represents a significant breach of cybersecurity, raising substantial concerns about data protection and privacy. The targeted nature of the attack, focusing on the genetic information of Jewish and Chinese customers, suggests a sophisticated level of threat actor who can recognize and exploit the value of genetic data. The sale of this sensitive information on the dark web is particularly alarming, as it opens the door to potential misuse, such as identity theft, discrimination and even geopolitical targeting.
From a cybersecurity perspective, this incident underscores the importance of robust data encryption, secure authentication mechanisms and continuous monitoring for unusual access patterns. It also highlights the need for transparent incident response protocols. Companies holding sensitive data must be prepared to act swiftly and communicate honestly with affected individuals to mitigate harm and maintain trust.
For businesses handling personal data, this breach serves as a stark reminder of the reputational and financial risks associated with cybersecurity failures. Such breaches can lead to loss of consumer confidence, legal liabilities and regulatory scrutiny, all of which can have a lasting impact on a company's bottom line and stock performance.
The legal implications of the 23andMe data breach are extensive. The class action lawsuit indicates that the company may have failed in its duty to protect customer data and to adequately inform affected individuals about the specifics of the breach. If these allegations are proven, 23andMe could face significant legal liabilities, including penalties under data protection laws and compensation claims from those affected.
Furthermore, the delay in reporting the breach and the lack of specificity in the initial disclosure could be seen as a violation of various state, federal and international privacy regulations. This might result in regulatory fines and enforcement actions. The legal proceedings will likely scrutinize the company's data security measures, incident response strategy and compliance with notification requirements.
The case also raises questions about the ethical responsibilities of genetic testing companies to protect their customers' most personal data. This lawsuit could set a precedent for how genetic information should be safeguarded and could influence future legislation in this rapidly evolving field.
The data breach at 23andMe has the potential to significantly affect the company's financial health. In the short term, the company may incur direct costs associated with the breach, such as legal fees, settlements and increased spending on cybersecurity measures. There could also be indirect costs, including customer churn and damage to brand reputation.
In the long term, the breach could impact revenue streams if customers lose trust in the company's ability to protect their data, potentially leading to a decrease in new subscriptions and the utilization of services. Additionally, ongoing legal challenges could distract management and result in increased regulatory oversight, which might constrain the company's operational flexibility.
Investors and stakeholders should closely monitor the company's response to the breach, the outcomes of legal proceedings and any subsequent regulatory changes. These factors will be critical in assessing the long-term impact on the company's stock performance and overall market position.
NEW YORK, NY / ACCESSWIRE / February 8, 2024 / 23andMe (NASDAQ:ME) was hacked in December 2023, affecting approximately 7 million users of its genetic services website. According to a recently filed class complaint, hackers who infiltrated 23andMe's system were after the personal information of Jewish and Chinese customers, but the company hid that detail when notifying affected customers.
The hackers specifically targeted the personal genetic information of Jewish and Chinese customers and compiled that data - including genetic heritage, names, and addresses - into lists that were then sold on the dark web, but 23andMe concealed both those revelations when it announced the extent of the breach in December 2023.
According to the lawsuit, the hacker leaked a list of over 1 million Jewish customers expressly in retribution for the Israel-Hamas war. The hacker was also more than happy to leak a list of 350,000 Chinese customers upon request from a user with the alias "Wuhan."These lists generated a huge amount of interest from hackers on the dark web from all over the world and were shared and reshared an untold number of times.
The disclosure of these lists threatens the safety of those customers, including from the Chinese government, which has a long history of tracking Chinese citizens.
According to the lawsuit,to this day, 23andMe has not informed the 7 million compromised customers that their personal genetic information was disclosed on the dark web, nor has it told its Jewish and Chinese customers that they were specifically targeted.
IF YOU ARE A VULNERABLE person whose personal genetic information identifies you as having Ashkenazi Jewish heritage or Chinese ancestry, and/or live in California, Illinois, Oregon, or Alaska, please contact us to review your rights and eligibility for compensation:
ADDITIONAL BACKGROUND:
According to a recently filed class action complaint, on Oct. 1, 2023, a hacker using the alias "Golem" leaked the 23andMe data of 1 million Ashkenazi Jews on Breach Forums, calling it "the most valuable data you'll ever see."
"Golem's explicit targeting of Jewish 23andMe users is further conveyed by his use of the character 'Gollum' from The Lord of the Rings - a creature driven by greed with ugly and outsized facial features - as his profile picture."
A few hours later, a user with the alias "Wuhan" asked Golem if he had "Chinese accounts," according to the complaint. The next day, Golem leaked the data of 7 million users, saying in the post that the customer information included phenotype and health information, photos, and identification data.
Golem listed prices for the customer profiles at
Interest in the leaked Jewish and Chinese information was immediate and overwhelming following an Israeli bombing of a Palestinian hospital.
23andMe attempted to shift the blame to customers, telling them the breach was a result of customers using recycled login credentials from their accounts on other websites.Further, 23andMe then waited until December to report that 7 million customers were directly affected by the breach and didn't say anything about the data being sold on the dark web or that Jewish and Chinese customers were specifically targeted.
Levi Korsinsky, LLP is investigating whether affected customers are entitled to compensation. If you have received a notice about the data breach, you may be entitled to compensation. There is no cost or obligation to participate. Follow the link below to find out more:
Levi & Korsinsky is a nationally recognized consumer advocacy law firm that has recovered hundreds of millions of dollars against large corporations. The firm's team of over 70 extraordinary attorneys and professionals have a winning track record going against the most powerful defense attorneys in the world and know how to maximize your compensation. The firm is a
Levi & Korsinsky, LLP
Joseph E. Levi, Esq.
33 Whitehall Street, 17th Floor
New York, NY 10004
jlevi@levikorsinsky.com
Tel: (212) 363-7500
Fax: (212) 363-7171
www.zlk.com
CONTACT:
Levi & Korsinsky, LLP
Joseph E. Levi, Esq.
Ed Korsinsky, Esq.
33 Whitehall Street, 17th Floor
New York, NY 10004
jlevi@levikorsinsky.com
Tel: (212) 363-7500
Fax: (212) 363-7171
https://zlk.com/
SOURCE: Levi & Korsinsky, LLP
View the original press release on accesswire.com
FAQ
What happened to 23andMe (ME) in December 2023?
Who were the hackers targeting in the 23andMe hack?
What did the hackers do with the stolen data?
What actions have been taken against 23andMe after the hack?
What is the impact of 23andMe's delayed reporting of the breach?
