23andMe blames data breach victims for hack

Millions of people in the UK affected by the 23andMe data breach

According to reports, the data profiles of over four million people living in Great Britain and Germany was stolen in the 23andMe data breach and leaked on a notorious dark web forum. Hackers claim the breach involves some of the “wealthiest people living in the US and Western Europe”, including the British royal family. Affected 23andMe users are now risk of fraud, scams and ID theft.

What happened in the 23andMe data breach?

  • In October 2023, 23andMe warned its users about a cyberattack and urged them to change their passwords and enable multi-factor authentication on their 23andMe accounts.
  • The criminals used emails and passwords stolen in other breaches to login to the accounts of around 14,000 23andMe customers, before exploiting the company’s ‘DNA Relatives’ feature to access the data of around seven million people.
  • A hacker called ‘Golem’ claimed to have uploaded some of the stolen data for sale. They said the information contained “tailored ethnic groupings, individualized data sets, pinpointed origin estimations, haplogroup details, phenotype information, photographs, links to hundreds of potential relatives, and most crucially, raw data profiles”.

In June 2024, the Information Commissioner’s Office (ICO), which is the UK’s privacy watchdog, announced an investigation into the 23andMe data breach alongside its Canadian counterpart, the Office of the Privacy Commissioner of Canada (OPC). This is good news for victims if the breach as it will help to establish exactly what happened. However, even if found guilty, the ICO and OPC does not award compensation to data breach victims. The only way to get justice and compensation for the hack is to join a 23andMe lawsuit.

What should UK victims of the breach do now?

If you are affected by the 23andMe data breach, you should:

  • Change the password for your 23andMe account and any other accounts that share the same or similar passwords.
  • Enable multi-factor authentication on you 23andMe account and any other accounts that share the same or similar passwords.
  • Keep a close eye on your bank statements, credit reports, and any other accounts as a precaution.
  • Be cautious of phishing attempts and only trust information from reliable sources.
  • If you notice any suspicious activity or believe you may have been a victim of identity theft or fraud, report it to Action Fraud.
  • Keep your devices and software up to date with the latest security patches and updates.

Join a 23andMe lawsuit

23andMe has written to all affected users. If you have received this notification, you could qualify to join a no-win, no-fee group action claim. Our simple eligibility checker provides instant clarity.

You may also like:

In January 2024, the High Court ruled that drivers could sue BMW for fitting some diesel vehicles with devices that tricked emissions tests. The illegal devices made it seem like BMW’s diesel cars were less-polluting than they actually were.
The Equal Pay Act protects employees from unfair discrimination in the workplace. The law states that both men and women should be paid equally where they are doing the same job (or one of equal value). This means companies can't treat you differently based on your gender when it comes to pay.
After a cyberattack in March 2023, pension holders across the UK had their data stolen. In the wake of this breach, law firms are rallying to help those affected. Their mission: to pursue justice and secure compensation for victims of the Capita data breach.

You might also like

UK Grindr users are joining a legal action following claims that the dating and hookup...
In 2023, Capita was hacked. The company provides admin and support services to hundreds of...
Tesco is under fire for not paying its store workers a fair wage. While distribution...

Did you know we have a newsletter?

Sign up for our newsletter to stay up to date.