Your tip
RadarOnlineRadarOnline
or
Sign in with lockrMail
BREAKING NEWS
Exclusive

23andMe Slammed With Class Action Lawsuit After Millions Of Profiles Breached In Cyber Attack

andme promo photo
Source: 23andMe

Dec. 19 2023, Published 1:30 p.m. ET

Link to FacebookShare to XShare to FlipboardShare to Email
Getting your Trinity Audio player ready...

The genetic testing company 23andMe was slammed in a class action lawsuit in California after cyber thieves gained access to personal data for at least a million clients, RadarOnline.com can exclusively reveal.

The lawsuit claimed the popular DNA company “intentionally, willfully, recklessly, or negligently” failed to implement adequate safety measures to protect its customers whose birth year, location and ancestry trees were exposed during the attack.

“On no later than October 6, 2023, unauthorized third-party cybercriminals gained access to the Class members’ and, on information and belief, Plaintiff’s PII (personally identifiable information) as hosted with Defendant, with the intent of engaging in the misuse of the PII, including marketing, disseminating, and selling Plaintiff’s and the Class members’ PII (the 'Data Breach'),” stated the lawsuit filed in Orange County Superior Court.

Article continues below advertisement
andme slammed with class action lawsuit after cyber attack
Source: Orange County, CA Superior Court

23andMe was slammed with a class action lawsuit after an October cyber-attack.

“The total number of individuals who have had their data exposed due to Defendant’s failure to implement appropriate security safeguards is unknown at this time but is estimated to be approximately 1,000,000 individuals at a minimum.”

“An undoubtedly nefarious third party that seeks to profit off this disclosure by defrauding Plaintiff and the Class members in the future.”

The lawsuit was filed in Orange County because the lead plaintiff and alleged victim, Dhaman Gill, lives in Newport Beach, according to the claim.

Article continues below advertisement
andme slammed with class action lawsuit after cyber attack
Source: Orange County, CA Superior Court

The cyber crooks gain access to data belonging to millions of profiles.

Article continues below advertisement

“Plaintiff, as a result of the Data Breach, has increased anxiety for his loss of privacy and anxiety over the impact of cybercriminals accessing, using, and selling his PII,” the lawsuit stated.

“Plaintiff has suffered imminent and impending injury arising from the substantially increased risk of fraud, identity theft, and misuse resulting from, on information and belief, his PII being placed in the hands of unauthorized third parties/criminals.”

The San Francisco area based company reported the breach to the Securities and Exchange Commission and claimed hackers used old passwords to first breach about 14,000 profiles. From there the cyber crooks branched out and siphoned data from millions of other customers.

Never miss a story — sign up for the RadarOnline.com newsletter to get your daily dose of dope. Daily. Breaking. Celebrity news. All free.

MORE ON:
court

DAILY. BREAKING. CELEBRITY NEWS. ALL FREE.

Article continues below advertisement
andme slammed with class action lawsuit after cyber attack
Source: Orange County, CA Superior Court

A Newport Beach, CA man is the lead plaintiff in the lawsuit accusing 23andMe of negligence.

Article continues below advertisement

23andMe is in the process of providing notification to users impacted by the incident as required by applicable law,” the firm stated in its disclosure report to the SEC.

“While no company can ever completely eliminate the risk of a cyber-attack, the Company has taken certain steps to further protect its users’ data. For example, on October 10, 2023, 23andMe required all users to reset their passwords, and on November 6, 2023, 23andMe required all new and existing users to login into the 23andMe website using two-step verification going forward.”

Article continues below advertisement
andme slammed with class action lawsuit after cyber attack
Source: Orange County, CA Superior Court

The lawsuit seeks unspecified compensatory damages.

Article continues below advertisement

The lawsuit, which seeks unspecified compensatory damage, also demanded that 23andMe scrub its client’s personal information to prevent future attacks or prove it can protect the stored data.

“Defendant (must) delete and purge the PII of Plaintiff and the Class members unless Defendant can provide to the Court reasonable justification for the retention and use of such information when weighed against the privacy interests of Plaintiff and the Class members.”

More From Radar Online

    Opt-out of personalized ads

    © Copyright 2024 RADAR ONLINE™️. A DIVISION OF MYSTIFY ENTERTAINMENT NETWORK INC. RADAR ONLINE is a registered trademark. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Service, Privacy Policy and Cookies Policy. People may receive compensation for some links to products and services. Offers may be subject to change without notice.