23andMe Faces Legal Backlash Over Data Breach and Blames Victims

Facing a deluge of more than 30 lawsuits from individuals impacted by a substantial data breach, genomics company 23andMe has taken a defensive stance by placing responsibility on the victims themselves.
The breach came to light in October when customer data surfaced for sale on the Dark Web.
Presently, 23andMe is contending with numerous legal actions filed by individual victims, as the cyberattack compromised the user accounts of nearly 7 million users, marking a significant breach in the company's security.
Amidst over 30 legal actions filed by individuals affected by its extensive data breach, 23andMe has adopted a strategy of shifting culpability onto the victims, seeking to exonerate itself from any liability.
This development was communicated in a letter addressed to a cohort of victims.
Hassan Zavareei, a legal representative for the victims who received the letter from 23andMe, expressed concerns that rather than accepting responsibility for the data security breach, the company appears to be distancing itself from its customers and downplaying the severity of the situation.
This comes after 23andMe disclosed in December that hackers had unlawfully accessed the genetic and ancestry data of 6.9 million users, constituting nearly half of its customer base.
The inception of the data breach involved hackers initially gaining entry to approximately 14,000 user accounts.
The perpetrators employed a method known as credential stuffing, wherein they forcefully accessed these initial accounts by employing passwords already identified as linked to the targeted customers.
After infiltrating a mere 14,000 customer accounts initially, the hackers proceeded to extract personal data from an additional 6.9 million customers whose accounts were not directly compromised.
In correspondence addressed to a collective of hundreds of 23andMe users currently pursuing legal action against the company, 23andMe asserted that the users in question had, according to the company, negligently reused and neglected to update their passwords in the aftermath of previous security incidents.
Notably, 23andMe contended that these prior incidents were unrelated to the company's own security measures.
Following the receipt of 23andMe's letter, Dante Termohs, an affected customer of the data breach, expressed his dismay to TechCrunch, stating that he finds it reprehensible that 23andMe is seemingly evading accountability rather than offering assistance to its customers.
23andMe's legal representatives put forth an argument asserting that the pilfered data lacks the capacity to cause monetary harm to the victims.


This Cyber News was published on www.cysecurity.news. Publication date: Sat, 06 Jan 2024 18:13:04 +0000


Cyber News related to 23andMe Faces Legal Backlash Over Data Breach and Blames Victims

23andMe Faces Legal Backlash Over Data Breach and Blames Victims - Facing a deluge of more than 30 lawsuits from individuals impacted by a substantial data breach, genomics company 23andMe has taken a defensive stance by placing responsibility on the victims themselves. The breach came to light in October when ...
10 months ago Cysecurity.news
23andMe failed to detect mega-breach attackers for 5 months The Register - Biotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking into user accounts. In a collection ...
9 months ago Go.theregister.com
DNA testing: What happens if your genetic data is hacked? - The personal information of millions of people who sent swabs of their DNA to consumer testing services have been leaked in high profile hacks in recent years, leading to questions about how secure that genetic data is. In autumn 2023, a hacker ...
8 months ago Packetstormsecurity.com
23andMe: It's YOUR Fault We Lost Your Data - DNA testing firm doubles down on blaming victims and sics lawyer on them. Millions of 23andMe users had their personal information stolen last year. Apparently, it's not the firm's responsibility-it's the users' own fault that a distant relative had ...
10 months ago Securityboulevard.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 month ago Aws.amazon.com
Hacker leaks millions of new 23andMe genetic data profiles - A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum. Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe ...
11 months ago Bleepingcomputer.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
10 months ago Securityboulevard.com
23andMe confirms nearly 7 million customers affected in data leak - Nearly 7 million 23andMe customers had their profile data leaked in a cybersecurity incident in October, a company spokesperson confirmed to SC Media on Monday. The vast majority of the leaked data was scraped from the site's DNA Relatives feature ...
11 months ago Packetstormsecurity.com
Legal and Compliance Considerations in Cloud Computing - This paradigm change has faced challenges, primarily legal and compliance issues. This can present severe legal issues, particularly regarding data ownership. According to S. Krishnan, the transforming nature of computing has created legal ...
9 months ago Feeds.dzone.com
23andMe Blames User "Negligence" for Data Breach - DNA testing firm 23andMe has argued the victims are responsible for the breach of highly sensitive genomics data on its systems last year. The DNA testing firm argued this allowed the attackers to launch a credential stuffing campaign using usernames ...
10 months ago Infosecurity-magazine.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
9 months ago Securityzap.com
Law Firms and Legal Departments Get Singled Out For Cyberattacks - Cyberattackers are doubling down on their attacks against law firms and corporate legal departments, moving beyond their historical activity of hacking and leaking secrets to targeting the sector with financial attacks, such as ransomware and ...
11 months ago Darkreading.com
23andMe told victims of data breach that suing is futile, letter shows - Last year, hackers accessed 14,000 accounts on 23andMe by using passwords that had been previously breached during security incidents on other websites. By using this tactic, known as credential stuffing, hackers could access the personal data of ...
10 months ago Packetstormsecurity.com
Infosec experts divided over 23andMe's breach blame game The Register - 23andMe users' godawful password practices were supposedly to blame for the biotech company's October data disaster, according to its legal reps. Nope, the biotech firm's infrastructure management was certainly not at fault in any way when 6.9 ...
10 months ago Go.theregister.com
23andMe says, er, actually some genetic and health data might have been accessed in recent breach - In October we reported that the data of as many as seven million 23andMe customers were for sale on criminal forums following a password attack against the genomics company. Now, a filing with the US Securities and Exchange Commission has provided ...
11 months ago Malwarebytes.com
23andMe: Data Breach Was a Credential-Stuffing Attack - DNA testing company 23andMe has released further details surrounding an October data breach, where user profile information had been accessed and downloaded at the hands of a threat actor. On Oct. 1, a threat actor made a post on the Dark Web ...
11 months ago Darkreading.com
23andMe Is On The Ventilator. Its CEO Remains 'Hopeful' - The Silicon Valley and Wall Street golden kid 23andMe was the DNA testing firm just three years ago. The company is currently in risk of being delisted from the Nasdaq. CEO of 23andMe Anne Wojcicki tells CNN that Wall Street shouldn't write her off ...
8 months ago Cysecurity.news
23andMe responds to breach with new suit-limiting user terms The Register - Security in brief The saga of 23andMe's mega data breach has reached something of a conclusion, with the company saying its probe has determined millions of leaked records originated from illicit break-ins into just 14,000 accounts. In an update on ...
10 months ago Go.theregister.com
23andMe updates user agreement to prevent data breach lawsuits - In October, a threat actor attempted to sell 23andMe customer data and, after failing to do so, leaked the data for 1 million Ashkenazi Jews and 4.1 million people living in the United Kingdom. 23andMe told BleepingComputer that the data was obtained ...
11 months ago Bleepingcomputer.com
How Can DSPM Prevent High-Profile Breaches? - In early October 2023, a DNA testing company for ancestry discovery purposes, 23andMe, disclosed that it suffered a data breach. On the 5th of December 2023, the company shared that the data breach was more damaging than was initially reported. On ...
10 months ago Gbhackers.com
23andMe Says Hackers Saw Data From Millions of Users - Personal genetics firm 23andMe on Tuesday confirmed that hackers using stolen passwords accessed the personal information about 6.9 million of its members. While the hackers were only able to get into about 14,000 accounts, or 0.1 percent of its ...
11 months ago Securityweek.com
Decoding the data dilemma: Strategies for effective data deletion in the age of AI - Businesses today have a tremendous opportunity to use data in new ways, but they must also look at what data they keep and how they use it to avoid potential legal issues. Forrester predicts a doubling of unstructured data in 2024, driven in part by ...
7 months ago Venturebeat.com
Goto Customers Backup Data Breach: Protect Your Business and Handle Data Breach Risks - A data breach at Goto customers exposed their backup data to malicious actors, leading to a data breach that impacted those customers. Businesses need to be aware of the risks associated with data breaches and how to protect their organisations from ...
1 year ago Securityaffairs.com
Ex-Uber CSO: Lessons Learned from the Breach and Legal Case - BLACK HAT EUROPE 2023 - London - Former Uber CISO Joe Sullivan last week shared new details about the 2016 data breach at the company that led to his firing from Uber and, later, felony charges. The Uber Breach Sullivan was in his second year as CISO ...
10 months ago Darkreading.com
Comcast Xfinity Reports Data Breach Exposing Info About 35M Customers - PRESS RELEASE. MARLTON, N.J., Dec. 19, 2023 /PRNewswire/ - Approximately 35 million consumers are being notified that their confidential information was compromised due to a vulnerability in software created by Citrix and used by Xfinity. The data ...
10 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)