Amidst over 30 lawsuits stemming from its substantial data breach, 23andMe is facing criticism for deflecting blame onto the victims. In a letter sent to a group of affected individuals, the company seemingly attempts to absolve itself of responsibility by pointing fingers at the users. This move has been met with strong opposition from legal representatives and impacted users alike.
Details of the Breach:
In December, 23andMe acknowledged a significant data breach where hackers successfully pilfered the genetic and ancestry data of 6.9 million users, nearly half of its customer base. The breach originated with the compromise of around 14,000 user accounts through credential stuffing—a method involving known passwords associated with the targeted customers. Subsequently, the hackers accessed the personal data of the remaining 6.9 million victims who had opted into 23andMe’s DNA Relatives feature.
Blaming the Victims:
In a letter to a group of users involved in lawsuits against the company, 23andMe asserted that users were negligent in recycling and failing to update their passwords, distancing the breach from any alleged security lapses on its part. The letter claims the incident resulted from user actions, unrelated to 23andMe's security measures.
Legal Backlash:
Legal representatives representing the victims strongly criticized 23andMe's attempt to shift blame, labeling it as a shameless act of blaming the very individuals impacted by the data breach. They argue that 23andMe should have anticipated the use of recycled passwords and implemented safeguards to protect against credential stuffing.
23andMe's Defense:
In response to the accusations, 23andMe's lawyers argued that the stolen data is not capable of causing monetary harm to the victims. They emphasized that the compromised information related to the DNA Relatives feature and did not include sensitive data such as social security numbers, driver's license information, or financial details.
Conclusion:
The controversy surrounding 23andMe's response to the data breach illuminates the complexities of handling such incidents. As the legal battles unfold, the company faces not only the backlash from victims and their legal representatives but also questions regarding its approach to customer data protection and corporate responsibility.
Comments