+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Genetic testing giant 23andMe is reportedly turning the blame back on its customers for its recent data breach

Jan 4, 2024, 21:54 IST
Business Insider
Genetic testing giant 23andMe has reportedly turned the responsibility for its latest data breach back on its customers.ERIC BARADAT/Getty Images
  • Hackers stole the data of millions of 23andMe customers in a data breach in October.
  • The hackers used previously compromised login credentials to access the data.
Advertisement

Over the past few months, genetic testing giant 23andMe has been investigating exactly how the data of millions of its users was compromised in a data breach back in October.

Now, after being hit by a series of class action lawsuits from victims of the breach, the company is reportedly turning the blame back to the users — telling them they should have been more cautious about recycling their login credentials.

"Users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe," the company told a group of victims in a letter initially reported by TechCrunch. "Therefore, the incident was not a result of 23andMe's alleged failure to maintain reasonable security measures under the CPRA." The CPRA — otherwise known as the California Privacy Rights Act — strengthened security measures for consumers to stop businesses from sharing their personal information.

The hackers initially got access to around 14,000 accounts using previously compromised login credentials, but they then used a feature of 23andMe to gain access to almost half of the company's user base, or about 7 million accounts, the company previously told Business Insider.

One 23andMe customer impacted by the breach told TechCrunch that it's "appalling that 23andMe is attempting to hide from consequences instead of helping its customers."

Advertisement

The legal parties representing the victims aren't thrilled with the company's response either. "Rather than acknowledge its role in this data security disaster, 23andMe has apparently decided to leave its customers out to dry while downplaying the seriousness of these events," Hassan Zavareei, one of the lawyers representing the victims who received the letter from 23andMe, told TechCrunch. He and 23andMe did not respond to Business Insider's requests for comment.

Following the breach, the company asked all its users to reset their passwords and set up additional security measures like two-factor authentication, according to its website. It also noted that it now requires all new and existing customers to log in to their accounts using two-step verification.

In October, the company said the results of its preliminary investigation showed no indication of a data security incident within its systems. The company has reiterated that through the investigation.


You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article