23andMe Faces Lawsuit as Hackers Sell Information on Users with Ashkenazi Jewish and Chinese Heritage

23andMe, the DNA testing company, is facing a lawsuit after it was accused of failing to notify users with Ashkenazi Jewish and Chinese heritage that they were specifically targeted in a data breach last year. The breach, which occurred between May and September of 2023, was initially disclosed by the company in an October 6 blog post. According to the post, the hackers gained access to user information by targeting individuals who reused the same username and password across multiple websites.

In an update to the blog a few days later, 23andMe stated that it was investigating the breach with the assistance of third-party forensic experts and federal law enforcement officials. The investigation was completed in December, revealing that approximately 14,000 accounts had been compromised due to recycled passwords. Through these breached accounts, the hackers were able to collect additional information through 23andMe’s Family Tree feature and DNA Relatives feature, which allow users to share data with potential genetic relatives. This included the names, locations, and birthdays of other individuals.

Shocking revelations emerged when 23andMe announced that the hackers had gained information on a total of 6.9 million accounts, which accounts for nearly half of the company’s customers. However, what is particularly concerning is that at no point did 23andMe mention that the hackers had specifically targeted individuals with Chinese or Ashkenazi Jewish heritage.

Last week, it was revealed that 23andMe had sent a letter to affected users, informing them of the breach. However, the letter failed to mention that the information being shared on the dark web primarily targeted Ashkenazi Jews. This is especially troubling given the surge in antisemitism following an attack by Hamas on Israel and the subsequent war. Jewish individuals have been subjected to verbal and physical abuse in many countries, including the United States where 23andMe is based.

One victim of the data breach, identified as J.L. from Florida, expressed his fears that the stolen information could be used against him and his family, especially with the rise in antisemitism. He stated that he was deeply concerned that the data could be purchased by individuals seeking to harm Jewish people based on their heritage or religion. Furthermore, he worried that the leaked data could empower Hamas and its supporters to target American Jews and their families.

As the lawsuit unfolds, it is possible that other companies could be implicated in 23andMe’s data breach, similar to the lawsuit filed against DNA testing company Sequencing in August. This raises questions about the scope of the issue and whether individuals who are not direct customers of 23andMe may have been affected.

The implications of this data breach are far-reaching and have serious consequences for the affected individuals. It is crucial that companies like 23andMe take swift and robust action to prevent such breaches in the future. The privacy and security of customer data should always be a top priority to ensure the trust and confidence of users.