Genetic testing company 23andMe, known for shedding light on your family tree's secrets, finds itself in turbulent waters. Recent reports have unveiled a data breach that has left over a million users' information exposed on the dark web, sparking outrage among customers who entrusted their data to the company.
Since it failed to protect customers' data, particularly those from Ashkenazi Jews, it is now facing multiple class action lawsuits from the plaintiffs.
Extent of the 23andMe Data Leak
According to a report by Gizmodo, the large-scale breach that hit 23andMe encompasses a vast dataset, including users' names, genders, birthdates, geographical locations, profile pictures, and genetic ancestry results.
Notably, the compromised data appears to be tied to individuals of Ashkenazi Jewish descent, with some Chinese users affected, per The Record's report. Even more concerning, the breach reportedly involves accounts of prominent figures, such as tech luminaries Elon Musk, Sergei Brin, and Mark Zuckerberg.
While 23andMe has confirmed the authenticity of the breached data, the company denies any technical hacking incident. Instead, they suggest that customer accounts were accessed through previously compromised login credentials.
...we believe threat actors were able to access certain accounts in instances where users recycled login credentials - that is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously hacked.
Related Article: 23andMe Leak: Hacker Claims to Steal Millions of Users' Data-Here's How to Protect Yourself
Multiple Class Action Lawsuits Filed to 23andMe
Not content with waiting for a thorough cybersecurity investigation, some affected customers have taken matters into their own hands.
A class action lawsuit filed in California, as per Bleeping Computer, alleges 23andMe's inadequate cybersecurity practices. It asserts that the company's digital security measures were insufficient, resulting in heightened risks of fraud and identity theft for its users.
To see the class action complaint, click Lamons, Santana, Eden, Andrizzi.
The lawsuit aims to secure damages on behalf of those impacted.
Genetic Data is Highly Vulnerable
The world of genetics is a goldmine for cybercriminals and nation-state hackers. Giving your data even to a trusted company is not guaranteed to be safe. Still, malicious actors can take advantage of your personal information.
The 23andMe wasn't the first case for a genetics testing provider. In fact, more genomics firms and laboratories have been hit by cyberattacks in recent years.
It should be noted that some companies share their customers' data with other parties without consent. This is the alarming part when you give your data without knowing the consequences that you might encounter.
While 23andMe claims to resist such requests from law enforcement, the same cannot be said for all industry players. In 2018, 23andMe stirred controversy by announcing its intent to sell anonymized genetic information to pharmaceutical giant GlaxoSmithKline.
If you truly value your genetic data that are traced back to your ancestors, you should always exercise extreme caution when sharing it.
There's no harm in sharing especially if it's done by a reliable brand. However, you should take into account that it will still get exposed if any hacking incident arises, no matter how secure its cybersecurity practice is.
The recent breach at 23andMe serves as a stark reminder of the importance of robust cybersecurity measures and responsible data handling in the ever-expanding genomics industry.
Read Also: eBay Scams: How to Spot Them and Protect Yourself from Scammers
