Why didn't the company manage to protect user data and admit its guilt?
In October 2023, 23andMe admitted that its users' genetic data was leaked. Since then, the company has been hit by a wave of lawsuits. According to The New York Times, one of the lawsuits accuses 23andMe of failing to inform customers that they were targeted by hackers because of their Chinese and Jewish (Ashkenazi) origin. According to the plaintiffs, the results of these users' genetic tests were compiled into lists and published on the dark web.
The lawsuit was filed in federal court in San Francisco after the company disclosed that the hack went undetected for several months. Hackers had been using leaked data to access customer accounts since April 2023.
The company only discovered the breach in October, when hackers posted the names, home addresses, and birth dates of one million users with Ashkenazi ancestry on the BreachForums forum.
In addition, after requesting access to "Chinese accounts", hackers posted information about 100,000 Chinese users and claimed access to 350,000 profiles that are ready to be published with sufficient interest. In mid-October, the same hackers posted data on a forum about "wealthy families supporting Zionism" after the bombing of the Al-Ahly Arab hospital in Gaza.
The plaintiffs emphasize that "the current geopolitical and social climate increases the risks" for users whose data was disclosed, including their names and addresses. They demand a jury trial and compensation for moral and material damage.
It is worth noting that 23andMe has emphasized several times in its public statements that hackers did not gain direct access to its systems. Allegedly, the hack was limited to specific user accounts and was carried out due to data leaks from other platforms.
However, who, if not 23andMe, should ensure the security of its customers' data? Obviously, the company should have enforced additional methods of protecting accounts, especially with an eye to what kind of information the company stores on its servers.