23andMe blames victims for data breach?

23andMe, a genetic testing company, is facing over 30 lawsuits after a massive data breach, affecting nearly half of its customers. The breach, which initially compromised about 14,000 accounts through credential stuffing, eventually led to the exposure of 6.9 million users’ genetic and ancestry data. This widespread access was facilitated by users opting into the DNA Relatives feature, which shares data with people considered relatives on the platform.

In a controversial move, 23andMe blamed the victims, claiming that the breach resulted from users recycling passwords, not from the company’s security measures. Critics argue this stance overlooks the company’s responsibility to safeguard personal and genetic information against such attacks. Following the breach, 23andMe reset all customer passwords and mandated multi-factor authentication, which was previously optional. The company also modified its terms of service, seemingly to deter class action lawsuits and mass arbitration claims.

Jim Love
I've been in IT and business for over 30 years. I worked my way up, literally from the mail room and I've done every job from mail clerk to CEO. Today I'm CIO and Chief Digital Officer of IT World Canada - Canada's leader in ICT publishing and digital marketing.

