23andMe Faces Lawsuit Over 2023 Data Breach: What You Need to Know

Source: abc7news.com

Genetic testing company 23andMe is facing a lawsuit from California Attorney General Rob Bonta following a 2023 data breach that exposed the sensitive information of nearly 7 million users. The lawsuit alleges that 23andMe failed to adequately protect user data, leading to the breach and subsequent sale of stolen data on the dark web. This article breaks down the key details of the lawsuit and what it means for consumers.

Key Insights

California Attorney General Rob Bonta is suing Chrome Holding Co. (formerly 23andMe) over a 2023 data breach that affected nearly 7 million users.

The lawsuit alleges that 23andMe failed to protect user data, and that the company was aware of suspicious activity months before acknowledging the breach.

Stolen data, including raw genetic information and health reports, was offered for sale on the dark web, specifically targeting Asian-Pacific Islander and Ashkenazi Jewish users.

The breach occurred due to a “credential stuffing” attack, where hackers used passwords exposed in previous breaches to access 23andMe accounts.

23andMe is already dealing with the aftermath of the data breach, including a class-action lawsuit, bankruptcy proceedings, and a fine from the UK Information Commissioner's Office (ICO).

Why this matters: This lawsuit highlights the critical importance of data protection, especially for companies handling sensitive genetic information. Consumers need to understand the risks involved in sharing their data and the steps companies should take to protect it.

In-Depth Analysis

Background

23andMe, founded in 2006, gained popularity for its direct-to-consumer DNA test kits, providing users with insights into their ancestry and genetic predispositions. However, the company has faced challenges in maintaining a sustainable business model, leading to bankruptcy proceedings and a sale to TTAM Research Institute.

The Data Breach

The 2023 data breach exposed a significant vulnerability in 23andMe's security measures. Hackers were able to access approximately 14,000 accounts, ultimately stealing the data of nearly 7 million customers. The stolen data included sensitive information such as:

Raw genetic data

Health reports

DNA shared with relatives

Locations and birth years of relatives

Legal and Regulatory Repercussions

In addition to the lawsuit from the California Attorney General, 23andMe has faced other legal and regulatory challenges related to the data breach:

Class-Action Lawsuit: 23andMe agreed to pay a $30 million cash settlement in a class-action lawsuit stemming from the data breach.

UK ICO Fine: The UK Information Commissioner's Office (ICO) fined 23andMe £2.31 million for failing to implement adequate security measures to protect user data.

How to Prepare

Change Passwords: If you have a 23andMe account, change your password immediately and ensure it is unique and strong.

Enable Multi-Factor Authentication: If available, enable multi-factor authentication on your 23andMe account.

Monitor Your Accounts: Keep a close eye on your financial and personal accounts for any suspicious activity.

Who This Affects Most

This data breach disproportionately affects individuals of Asian-Pacific Islander and Ashkenazi Jewish descent, as their data was specifically targeted and offered for sale on the dark web during a period of rising hate and violence against these communities.

Data-Driven Insights

The lawsuit reveals that 23andMe detected suspicious login attempts as early as July 2023, yet failed to take appropriate action. This highlights the importance of proactive monitoring and timely response to potential security threats.

FAQs

Q: What is credential stuffing?

Credential stuffing is a type of cyberattack where hackers use stolen usernames and passwords from previous data breaches to attempt to log in to other accounts.

Q: What type of data was exposed in the 23andMe data breach?

The exposed data included raw genetic data, health reports, DNA shared with relatives, and locations and birth years of relatives.

Q: What steps has 23andMe taken to address the data breach?

23andMe has implemented two-step verification for logging in and required new customer passwords. The company has also made commitments to enhance protections for customer data and privacy.

Key Takeaways

23andMe's data breach underscores the need for robust data protection measures, especially when dealing with sensitive genetic information.

Consumers should be aware of the risks involved in sharing their data with genetic testing companies and take steps to protect their accounts.

The lawsuit against 23andMe highlights the legal and regulatory consequences of failing to protect user data.
