Last year, hackers accessed 14,000 accounts on 23andMe by using passwords that had been previously breached during security incidents on other websites.
By using this tactic, known as credential stuffing, hackers could access the personal data of millions of 23andMe users who opted into a DNA Relatives feature, including genetic information like the percentage of DNA shared with compromised users.
While 23andMe claimed that the case had no merit, the courts have not yet weighed the many questions raised by users suing the company over alleged harms.
23andMe has been hit with more than 30 lawsuits filed in US federal and state courts, as well as courts in British Columbia and Ontario, Canada, as a result of the breach, suggesting that 23andMe could end up owing much more than $5 million.
Due to the number of victims suing, there is an effort to consolidate these cases through multidistrict litigation to decrease the burden on courts.
In the class action filed by Zavareei's firm, more than 100 victims have accused 23andMe of violating various state laws, including the California Privacy Rights Act, considered the US's toughest consumer privacy law.
This Cyber News was published on packetstormsecurity.com. Publication date: Fri, 05 Jan 2024 15:13:04 +0000