A class action lawsuit against the DNA-testing company claims it didn’t notify customers that their personal information had made it onto the dark web.
For five months last year, hackers penetrated the security of the DNA-sequencing company 23andMe, resulting in customer data appearing for sale in “curated” lists that focused on Chinese customers and Ashkenazi Jews.
A new class action suit filed in San Francisco on Jan. 26 seeks to hold 23andMe responsible for not protecting users’ private information and not notifying them of the breach. The company apparently didn’t learn about the crime until a hacker posted on Reddit revealing some of the stolen information.
The alleged hacker goes by the name “Golem” and uses an avatar of the villain from “The Lord of the Rings” films. He claimed to have 350,000 profile records for Chinese users. On Oct. 17, he said he possessed data on “wealthy families serving Zionism” that he offered to sell.
“The leaked data could empower Hamas, their supporters and various international extremist groups to target the American Jewish population and their families,” said Rep. Josh Gottheimer (D-N.Y.).
The breach reportedly resulted from the “recycling” of passwords. Other websites that leaked passwords enabled hackers to use those passwords to gain access. Through this method, hackers gained access to data from some 6.9 million accounts.
