23andMe data breach overview:
- Who: Plaintiff Alyson Hu filed a class action lawsuit against 23andMe Inc.
- Why: 23andMe allegedly failed to take adequate cybersecurity measures to protect customers’ sensitive information from cybercriminals, resulting in a data breach that may have affected nearly 7 million individuals.
- Where: The 23andMe class action lawsuit was filed in Illinois federal court.
Genetic testing company 23andMe Inc. faces another class action lawsuit following an Oct. 6 data breach.
Unauthorized actors reportedly accessed 23andMe accounts, including millions of customers’ sensitive Personally Identifiable Information (PII), such as their names, usernames, regional locations, birth years, profile pictures and ethnicities.
Plaintiff Alyson Hu, a 23andMe customer, filed the 23andMe data breach class action lawsuit Dec. 26. She previously received notice her PII had been compromised.
“Since the [23andMe data breach] occurred, several news sources have reported that threat actors listed mass amounts of the stolen data for sale on the dark web,” Hu alleges. “Defendant has failed to address these reports, failed to inform victims when and how the data breach occurred and has even failed to say whether the security threat is still a risk to customers.”
Plaintiff argues adequate cybersecurity measures could have prevented 23andMe data breach
23andMe offers customers personalized genetic reports that include ancestry composition, DNA relatives, genetic health predispositions, genetic traits and other individualized genetic information.
To register for 23andMe genetic testing, customers purchase a genetic testing kit and provide 23andMe with detailed information about themselves. 23andMe then collects further individualized genetic information from customers, including their saliva sample information.
However, 23andMe failed to adopt adequate cybersecurity measures to protect customers’ PII from unauthorized actors, Hu alleges.
Genetic testing companies are “treasure troves” of sensitive information and therefore valuable targets for cybercriminals, the 23andMe class action lawsuit claims.
The lawsuit also alleges 23andMe has not been forthcoming with information about the data breach and attempted to blame customers with “recycled login credentials.”
While the threat actors accessed a limited number of 23andMe accounts, Hu says the cybercriminals accessed the PII of nearly 7 million individuals through 23andMe’s DNA relatives feature.
As a result of the 23andMe data breach, customers like Hu face the risk of identity theft well into the future and must spend time and money to mitigate the damage.
The 23andMe class action lawsuit asserts claims for negligence and violation of the Illinois Genetic Information Privacy Act.
A separate consumer filed a 23andMe data breach class action lawsuit in October, shortly after 23andMe announced the breach.
Hu is represented by Katrina Carroll of Lynch Carpenter LLP and Jonathan M. Jagher, Michael E. Moskovitz and Nia-Imara Barberousse Binns of Freed Kanner London & Millen LLC.
The 23andMe data breach class action lawsuit is Alyson Hu v. 23andMe Inc., Case No. 1:23-cv-17079, in the U.S. District Court for the Northern District of Illinois.
69 thoughts on 23andMe hit with another class action lawsuit over data breach
Someone contacted me saying they were my cousin and I ended up getting hacked
I have received an email saying my information might have been compromised and that there is an update to the privacy and Terms of Service, which got sent to my junk mail. If I didn’t respond to that within a certain time frame, it would be assumed to be accepted. I replied and declined the revisions. This isn’t fair. Add me to the class action.
I got an email that someone had stolen information out of my medical file
That is not fair, they have stolen my personal information. Something needs to be done about that.
I am saying that someone has stolen my information. I am very upset with the situation. Please get in contact with me.
I have used this service before.
I purchased years ago and I cannot get into my account to check possible relations anymore. I even emailed them and have not received a response.
I purchased the 23 and me for myself and both my parents and received a letter stating our information was taken due to Ashkenazi Jewish gene. I do have the email from 23 and me.
I have purchased 2 kits just in 2023 and I came back with a percentage of Ashkenazi Jewish DNA. What makes it even worse is that my information was found in the dark web a few months ago.
Add me please
I have bought 5 for gifts as well as my own, all orders under my name. Please keep me informed.