23andMe Holding Co (NASDAQ: ME) Jewish and Chinese Users
- None.
- Customers' personal genetic information, including heritage, names, and addresses, was compromised and sold on the dark web, posing a significant threat to their safety.
- 23andMe failed to disclose to the 7 million affected customers that their personal genetic information was exposed on the dark web, specifically targeting Jewish and Chinese customers.
- The company attempted to shift blame to customers by stating that the breach was due to customers using recycled login credentials from other websites.
- Despite the severity of the breach, 23andMe waited until December to report that 7 million customers were directly affected, withholding crucial information from affected individuals.
The incident involving 23andMe's data breach has profound implications for cybersecurity practices within the genetic testing industry. The targeted nature of the attack, focusing on specific ethnic groups, suggests a level of sophistication and intent that raises concerns about the potential for genetic information to be used for discriminatory purposes. Cybersecurity protocols must be re-evaluated in the context of protecting sensitive personal data, particularly where it relates to identifiable characteristics that could be exploited.
Furthermore, the delay in disclosure and the company's initial response to blame customers for using recycled login credentials points to a need for stronger regulatory frameworks that mandate timely and transparent reporting of data breaches. This is essential to maintain consumer trust and to ensure that individuals can take prompt action to protect themselves from identity theft and other forms of cybercrime.
The legal ramifications of the 23andMe breach are significant, particularly in light of the allegations that the company failed to inform its customers of the full extent of the breach. This raises questions about compliance with data protection laws, such as the General Data Protection Regulation (GDPR) in Europe and various state laws in the United States like the California Consumer Privacy Act (CCPA). The class action lawsuit indicates potential legal exposure for failing to adequately protect customer data and for not being forthcoming about the breach's details.
Moreover, the targeting of specific ethnic groups may implicate anti-discrimination laws and could lead to increased scrutiny from human rights organizations. The sale of this sensitive data on the dark web further complicates legal proceedings, as it involves international jurisdictional challenges and the need for cross-border cooperation in cybercrime investigations.
The breach's impact on 23andMe's financial health and stock market performance could be substantial. Data breaches often result in direct costs associated with legal fees, settlements, increased security measures and potential fines from regulatory bodies. Indirect costs may include reputational damage leading to customer churn and reduced sales. Investors will be closely monitoring the company's response and the potential financial implications, including any changes in user growth, retention rates and the cost of capital.
It is also crucial to consider the broader market implications, as other companies in the genetic testing and personal health data sectors may experience increased scrutiny and pressure to enhance their cybersecurity measures, which could lead to industry-wide shifts in investment and innovation priorities.
NEW YORK, NY / ACCESSWIRE / February 22, 2024 / 23andMe (NASDAQ:ME) was hacked in December 2023, affecting approximately 7 million users of its genetic services website. According to a recently filed class complaint, hackers who infiltrated 23andMe's system were after the personal information of Jewish and Chinese customers, but the company hid that detail when notifying affected customers.
The hackers specifically targeted the personal genetic information of Jewish and Chinese customers and compiled that data - including genetic heritage, names, and addresses - into lists that were then sold on the dark web, but 23andMe concealed both those revelations when it announced the extent of the breach in December 2023.
According to the lawsuit, the hacker leaked a list of over 1 million Jewish customers expressly in retribution for the Israel-Hamas war. The hacker was also more than happy to leak a list of 350,000 Chinese customers upon request from a user with the alias "Wuhan."These lists generated a huge amount of interest from hackers on the dark web from all over the world and were shared and reshared an untold number of times.
The disclosure of these lists threatens the safety of those customers, including from the Chinese government, which has a long history of tracking Chinese citizens.
According to the lawsuit,to this day, 23andMe has not informed the 7 million compromised customers that their personal genetic information was disclosed on the dark web, nor has it told its Jewish and Chinese customers that they were specifically targeted.
IF YOU ARE A VULNERABLE person whose personal genetic information identifies you as having Ashkenazi Jewish heritage or Chinese ancestry, and/or live in California, Illinois, Oregon, or Alaska, please contact us to review your rights and eligibility for compensation:
ADDITIONAL BACKGROUND:
According to a recently filed class action complaint, on Oct. 1, 2023, a hacker using the alias "Golem" leaked the 23andMe data of 1 million Ashkenazi Jews on Breach Forums, calling it "the most valuable data you'll ever see."
"Golem's explicit targeting of Jewish 23andMe users is further conveyed by his use of the character 'Gollum' from The Lord of the Rings - a creature driven by greed with ugly and outsized facial features - as his profile picture."
A few hours later, a user with the alias "Wuhan" asked Golem if he had "Chinese accounts," according to the complaint. The next day, Golem leaked the data of 7 million users, saying in the post that the customer information included phenotype and health information, photos, and identification data.
Golem listed prices for the customer profiles at
Interest in the leaked Jewish and Chinese information was immediate and overwhelming following an Israeli bombing of a Palestinian hospital.
23andMe attempted to shift the blame to customers, telling them the breach was a result of customers using recycled login credentials from their accounts on other websites.Further, 23andMe then waited until December to report that 7 million customers were directly affected by the breach and didn't say anything about the data being sold on the dark web or that Jewish and Chinese customers were specifically targeted.
Levi Korsinsky, LLP is investigating whether affected customers are entitled to compensation. If you have received a notice about the data breach, you may be entitled to compensation. There is no cost or obligation to participate. Follow the link below to find out more:
Levi & Korsinsky is a nationally recognized consumer advocacy law firm that has recovered hundreds of millions of dollars against large corporations. The firm's team of over 70 extraordinary attorneys and professionals have a winning track record going against the most powerful defense attorneys in the world and know how to maximize your compensation. The firm is a
Levi & Korsinsky, LLP
Joseph E. Levi, Esq.
33 Whitehall Street, 17th Floor
New York, NY 10004
jlevi@levikorsinsky.com
Tel: (212) 363-7500
Fax: (212) 363-7171
www.zlk.com
CONTACT:
Levi & Korsinsky, LLP
Joseph E. Levi, Esq.
Ed Korsinsky, Esq.
33 Whitehall Street, 17th Floor
New York, NY 10004
jlevi@levikorsinsky.com
Tel: (212) 363-7500
Fax: (212) 363-7171
https://zlk.com/
SOURCE: Levi & Korsinsky, LLP
View the original press release on accesswire.com
