October 13, 2023 at 04:16PM
Genetic testing provider 23andMe is facing multiple class action lawsuits in the U.S. after a data breach that affected millions of its customers. A threat actor leaked customer data on hacker forums, including information such as account IDs, names, DNA profiles, and more. 23andMe claims the breach was due to credential-stuffing attacks on weakly secured accounts. Several lawsuits have been filed, accusing 23andMe of inadequate security measures and seeking financial compensation, credit monitoring, and other relief for the affected customers.
From the meeting notes, the key takeaway is that genetic testing provider 23andMe is facing multiple class action lawsuits following a data breach that impacted millions of its customers. The breach involved a leaked CSV file containing the data of nearly 1 million Ashkenazi Jews who had used 23andMe’s services. The file contained information such as account IDs, full names, sex, date of birth, DNA profiles, location, and region details. Although 23andMe claims that the breach occurred through credential-stuffing attacks on weakly secured accounts and not a direct security breach of their systems, lawsuits argue that the company failed to implement adequate security measures and protect customer data. The plaintiffs are seeking various financial reliefs and criticizing 23andMe for its lack of transparency regarding the security event.