23andMe Blames Victims for Stolen Data in Latest Letter

And now the blame game begins for 23andMe.

In the aftermath of a colossal data breach affecting 6.9 million users, 23andMe finds itself entangled in more than 30 lawsuits from victims seeking accountability.

Instead of addressing the victims' concerns, the genetic testing firm is now putting the blame on them.

TechCrunch obtained a letter sent to a group of victims, revealing 23andMe's attempt to evade responsibility.

Breaching the Breach: Understanding the Data Compromise

Almost 7 million users were affected by the data breach that hit 23andMe in 2023. Now, instead of addressing each concern of the victims, 23andMe blamed them for being responsible for their stolen data. (Photo: Braňo from Unsplash)

Acknowledging the hack in December, 23andMe disclosed that hackers had accessed the genetic and ancestry data of almost half of its customer base.

"Rather than acknowledge its role in this data security disaster, 23andMe has apparently decided to leave its customers out to dry while downplaying the seriousness of these events," Hassan Zavareei, one of the lawyers representing the victims, said in a letter sent to TechCrunch via email.

Initially targeting 14,000 accounts, the hackers used credential stuffing, a technique that relies on known passwords associated with the targeted customers.

Subsequently, they leveraged the DNA Relatives feature, compromising an additional 6.9 million users who had opted into data sharing.

Victim-Blaming: 23andMe's Alarming Response

23andMe's letter to victims alleges that users "negligently recycled and failed to update their passwords," absolving the company of security lapses. This contentious stance prompted criticism, with legal experts terming it a "shameless" attempt to shift blame onto the breach victims.

Responding to the victim-blaming approach, Dante Termohs, one of the affected 23andMe customers, expressed his disdain, calling the company's behavior "appalling."

The letter's assertion that the stolen data couldn't cause monetary harm also drew scrutiny. Legal experts argue that the compromised data, even if it excludes sensitive information, still poses risks and undermines 23andMe's accountability.

23andMe's Defensive Measures and Legal Maneuvers

Post-breach, 23andMe took corrective actions, resetting all customer passwords and implementing mandatory multi-factor authentication. However, the company's strategic change to its terms of service, aimed at complicating legal action by victims, raised eyebrows.

Legal professionals condemned the move as a "cynical" effort to shield the company from collective legal challenges.

Persistence of Legal Action

Despite 23andMe's attempts to mitigate fallout and reshape its legal landscape, the surge in class action lawsuits signals a significant challenge.

The victims, unwilling to accept blame for the breach, are rallying against the company's tactics. As the legal battle intensifies, 23andMe's attempts to downplay the impact and deflect responsibility are met with increasing scrutiny.

Joseph Henry
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.