23andMe, the genetic testing company, is facing backlash for allegedly shifting the blame onto its customers following a massive data breach. The company is accused of downplaying the severity of the breach and attempting to evade responsibility for the compromised data of millions of users.
Key Takeaway
23andMe is under scrutiny for allegedly blaming its customers for a significant data breach, raising concerns about the company’s approach to user data security.
Blaming the Victims
In response to more than 30 lawsuits from data breach victims, 23andMe has reportedly sent a letter to a group of victims, insinuating that the breach was a result of users’ negligence. The company allegedly claimed that users had recycled and failed to update their passwords, attributing the breach to the customers themselves rather than acknowledging its own security shortcomings.
The Data Breach
Last December, 23andMe disclosed that hackers had stolen the genetic and ancestry data of 6.9 million users, nearly half of its customer base. The breach began with hackers gaining unauthorized access to around 14,000 user accounts through a technique known as credential stuffing. From those accounts, the hackers were able to exploit the DNA Relatives feature, compromising the personal data of the remaining 6.9 million customers.
Victims’ Response
Attorneys representing the victims have condemned 23andMe’s attempt to shift blame, emphasizing that the company should have implemented stronger security measures to protect its users’ data. One affected customer described the company’s response as “appalling” and accused 23andMe of evading accountability.