23andMe blames data breach victims for hack

Prominent genetic testing company 23andMe has experienced a massive data breach. The security failure exposed a range of sensitive customer data, including names, birth years, relationship labels, the percentage of DNA shared with relatives, ancestry reports, and locations. 

Surprisingly, while many companies are apologetic following mass data breaches, 23andMe has blamed its users for the security violation. 

How did the 23andMe breach happen?

In 2023, hackers managed to access the accounts of around 14,000 23andMe customers. Rather than breaking into 23andMe’s systems, the criminals used emails and passwords stolen in other breaches to log in to these accounts. The type of attack used in the 23andMe breach is called “credential stuffing”. It is popular with cybercriminals as around 21% of people use the same credentials when creating new accounts.

In a statement, rather than issuing the standard apology, 23andMe said that the affected users had “negligently recycled and failed to update their passwords”. So 23andMe appears to blame its customers for the security violation. 

However, even if you were to accept 23andMe’s argument, the 14,000 customers whose accounts were accessed by hackers are not the only victims in this case. 23andMe has a feature called ‘DNA Relatives’ that lets people automatically share data with other users if they are related in some way. The hackers took advantage of this feature to successfully access the private data of around seven million people. The genomics and biotechnology company will surely have a hard time blaming them for the mass privacy violation.  

23andMe says there is no merit to the lawsuits being made against it

To date, over 30 lawsuits have been filed against 23andMe for the breach. But the company continues to assert that there is no merit to these legal actions.  

According to 23andMe, any information that may have been accessed “cannot be used for any harm.” That’s despite the hackers offering the stolen data for sale on the dark web. 

It’s also somewhat ironic that 23andMe believes no harm can be caused by using the stolen data when it was stolen data that led to its customers’ accounts being accessed in the first place!

Data protection lawyers in the UK also refute 23andMe’s claims that the stolen credentials are useless to criminals. According to legal firm KP Law, it “has seen victims of similar data breaches become the target of cybercriminals, with instances of phishing, fraud, and identity theft.” Accordingly, its data breach experts have strongly advised anyone involved in this breach to “be vigilant and take necessary precautions”.

Are you affected by the 23andMe data hack?

Millions of people are affected by the 23andMe data breach, including many in the UK. 23andMe has written to all affected users. If you have received this notification, you could qualify to join a no-win, no-fee group action claim. 

Our simple eligibility checker provides instant clarity. Answer a few straightforward questions, and you’ll know if you could qualify for a 23andMe data breach group action claim. 
