23andMe, a genetic data company, recently experienced a data breach in October. The affected individuals have now submitted the documents provided by the company’s lawyers for disclosure. The accompanying letter clarifies that this incident is not the fault of the company itself.
The initial report of this incident on October 6th revealed that the perpetrator used previously leaked passwords to gain access to 23andMe.com. The company’s attorneys stated that this was due to the users’ careless use of repeated passwords and failure to change them after other websites were hacked. It is important to note that this breach is not a result of the company’s failure to provide 2-factor authentication, which has been available since 2019 and has been mandatory for all users since the incident occurred. The letter also mentions that despite the leaked data potentially including DNA-related information, it does not pose any significant harm. Additionally, none of the leaked data includes social security numbers, driver’s license numbers, or any financial information.
Multiple groups of affected individuals are currently coming together to file lawsuits against the company. One copy of this letter has been sent to the attorney handling the case for one of these groups.
TLDR: 23andMe experienced a data breach due to users’ careless usage of passwords, but the company denies any responsibility. The leaked data does not include sensitive information, such as social security or financial details. Lawsuits are being filed by various affected groups.
Leave a Comment