Genetic Data Leak Leads to Lawsuits against 23andMe
In October 2023, 23andMe, a leading genetic testing company, admitted to a leakage of its users’ genetic data, resulting in a wave of court claims against the company. According to the New York Times, one of the lawsuits accuses 23andMe of failing to inform customers that they were targeted by hackers due to their Chinese and Jewish (Ashkenazi) origins. The plaintiffs claim that hackers collected and published the genetic test results of these users on the dark web.
The lawsuit was filed with the Federal Court of San Francisco after it was revealed that the hacking had gone unnoticed for several months. The hackers exploited the leaked data to gain access to customer accounts since April 2023.
The breach was only discovered by the company in October when hackers published personal information, including names, home addresses, and birth dates, of one million users with Ashkenazi origins on the Breachforum forum.
Furthermore, hackers also posted information about 100,000 Chinese users after a request for access to “Chinese accounts” and announced access to 350,000 profiles that were ready for publication with sufficient interest. In mid-October, the same hackers offered data about “rich families supporting Zionism” following an explosion at the Al-Ahli Arab Hospital in Gaza.
The plaintiffs emphasize that in the current geopolitical and social climate, the risks for users whose data was exposed, including their names and addresses, are heightened. They are seeking resolution of the case and compensation for both moral and material damages.
While 23andMe has publicly stated that the hackers did not directly access its systems, emphasizing that the hacking was limited to specific user accounts and carried out due to data leakage from other platforms, questions arise as to the company’s responsibility in ensuring the safety and security of its customers’ information. It is argued that additional methods of protecting accounts should be enforced by companies, especially considering the sensitive nature of the data stored on their servers.