Curated Content | Thought Leadership | Technology News

Search
Close this search box.

Sign In

Curated Content | Thought Leadership | Technology News

Update: 23andMe Data Breach, Months of Undetected Cyberattacks

From April to September of 2023.
Emily Hill
Emily Hill
Contributing Writer

Since our initial reports on the 23andMe data breach, significant developments have emerged, shedding more light on the extent and impact of the cyberattack. The genetic testing giant 23andMe disclosed the significant data breach went undetected for several months, starting from late April 2023 and lasting until September 2023. The breach, which exposed sensitive customer information, was only discovered after the stolen data surfaced online.

The breach involved bad actors using a technique known as credential stuffing to gain unauthorized access to customer accounts. This attack compromised the DNA Relatives and Family Tree profiles of millions of users, leaking sensitive data including customer names, birth dates, and health-related information. The company’s delayed response and subsequent actions, such as modifying its terms of service, have sparked widespread criticism and legal challenges.

Why it matters: This incident highlights critical vulnerabilities in data security and raises questions about the responsibility of companies in safeguarding sensitive customer information. It underscores the growing threats of cyberattacks in the era of digital health data and the importance of strong security measures to protect against such breaches. The response of 23andMe to the breach also sheds light on corporate accountability and the legal ramifications of data privacy violations.

  • Multiple class action lawsuits have been filed against 23andMe in the U.S. and Canada. Plaintiffs and legal experts have criticized the company’s attempt to limit legal recourse through terms of service changes.
  • Following the discovery of the breach, 23andMe advised affected users to change their passwords. The company also revised its terms of service, making it more challenging for customers to pursue legal action.
  • In response to the lawsuits, 23andMe also blamed users for reusing passwords and denied responsibility for the incident, claiming their security measures were adequate.

Go Deeper –> 23andMe admits it didn’t detect cyberattacks for months – Tech Crunch

23andMe’s data hack went unnoticed for months – Yahoo! Entertainment

Save

Save

Sign in to comment

×
You have free article(s) left this month courtesy of CIO Partners.

About TNCR

Manage My Account

Sign In

Profile

Saved Articles

Explore TNCR

STAY IN TOUCH

NationalCIOReview.com Copyright (c) 2024 All Rights Reserved.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Unlimited Access

Digital Annual

$10.00/ month

Billed Annually

Unlimited Access

Learn More

Orrick sign logo on headquarters facade of international law firm Orrick, Herrington and Sutcliffe LLP - San Francisco, California, USA - 2021
Orrick’s Expertise Tested: Data Breach Exposes Over 600,000 Client Records
Even the pros aren't safe.

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Please enable JavaScript in your browser to complete this form.
Name
Newsletters