Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Filter by Categories

23andMe Faces Legal Backlash Over Data Breach and Blames Victims

23andMe’s Data Breach: Victim Blaming Controversy

What Happened

Genomics company 23andMe faces over 30 lawsuits due to a major data breach involving sensitive personal information. This breach, revealed in October, involved the sale of customer data on the Dark Web. The cyberattack compromised nearly 7 million user accounts, indicating a significant security failure at 23andMe.

The company, however, is blaming the victims for the breach. They argue that customers reused and failed to update their passwords after previous security incidents.

About the 23andMe Attack

The attack began with hackers accessing around 14,000 user accounts through credential stuffing. This method involves using previously exposed passwords. The data breach then expanded, affecting an additional 6.9 million users of 23andMe. For more information about the breach, you can visit our news article.

The Arguments

Meanwhile, 23andMe’s lawyers claim the stolen data cannot cause monetary damage, a point that remains contentious among the victims.

23andMe maintains that the data breach was due to user negligence rather than their own security measures. In a letter to the affected users, the company stressed this point, shifting the blame onto the customers.

On the other hand, legal representative Hassan Zavareei criticized 23andMe stating that the company is avoiding responsibility and downplaying the breach’s severity.

23andMe knew or should have known that many consumers use recycled passwords and thus that 23andMe should have implemented some of the many safeguards available to protect against credential stuffing—especially considering that 23andMe stores personal identifying information, health information, and genetic information on its platform.

The lawyer indicates.



Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.