23andMe, a supplier of genetic testing, is facing several class action lawsuits in the United States as a result of a significant data breach that may have affected millions of its clients.
A threat actor posted 23andMe customer data to hacker forums at the end of last month in a CSV file called “Ashkenazi DNA Data of Celebrities.csv.”
The file purportedly included information from about a million Ashkenazi Jews who had utilized 23andMe services to learn more about their genetic predispositions, heritage, and other topics.
Even if platform users choose to enable the opt-in functionality, not all of them agree that the company shouldn’t be required to install protective layers because of the danger inherent in internal data exchange.
In this instance, even though many users followed best practices for security by choosing strong, one-of-a-kind passwords and turning on two-factor authentication, they were nonetheless vulnerable, and their private information was revealed on forums dedicated to crimes.
“At all relevant times, Defendant had a duty to Plaintiffs and Class Members to properly secure their PII, encrypt and maintain such information using industry-standard methods, train its employees, utilize available technology to defend its systems from invasion, act reasonably to prevent foreseeable harm to Plaintiffs and Class Members, and to promptly notify Plaintiffs and Class Members when Defendant became aware that their PII may have been compromised.” – Santana v. 23andMe, Inc.
Â