23andMe agrees to $30M settlement over data breach that targeted Jewish and Chinese users
23andMe will pay $30M for a data breach targeting Ashkenazi Jews and Chinese customers, as a hacker named "Golem" leaked nearly 1M Jewish profiles, calling it "most valuable data."
The genetic testing company 23andMe has agreed to pay $30 million to American plaintiffs to settle a lawsuit over a data breach last year that specifically targeted customers of Ashkenazi Jewish and Chinese ancestry.
The breach, which occurred last October, affected more than 6.9 million customers and included users’ personal details such as their location, name and birthdate, as well as some information about their family trees. That data was shared on BreachForums, an online forum used by cybercriminals.
According to court documents, the data breach was revealed Oct. 6 after a hacker going by the pseudonym “Golem,” a reference to the Jewish mythical defender made of clay, published a link to a database labeled “ashkenazi DNA Data of Celebrities.” According to the lawsuit, the hacker referred to the list as “the most valuable data you’ll ever see,” though most of the names were not famous.
In total, 999,998 individuals with Ashkenazi heritage were included on the list, which also contained data from another 100,000 people with Chinese ancestry. “Golem” also claimed to possess the data of 350,000 users with Chinese heritage and offered to sell data from both sets of information for a fee.
According to the complaint, 23andMe did not disclose the full extent of the breach to its customers until December, when the company stated that the hackers were able to access the large number of accounts by initially hacking a smaller number of accounts, and then gaining access to information from other accounts through the site’s “Family Tree” and “DNA Relatives” features.
Court documents
Complainants alleged in court documents that in addition to their data being stolen, 23andMe misrepresented how secure its users’ data was. They alleged that the data “is now in the hands of cybercriminals and is readily available to download by anyone with access to the hacking forum.”
In a statement to the Jewish Telegraphic Agency, 23andMe said, “We continue to believe this settlement is in the best interest of 23andMe customers, and we look forward to finalizing the agreement.”
Jerusalem Post Store
`; document.getElementById("linkPremium").innerHTML = cont; var divWithLink = document.getElementById("premium-link"); if (divWithLink !== null && divWithLink !== 'undefined') { divWithLink.style.border = "solid 1px #cb0f3e"; divWithLink.style.textAlign = "center"; divWithLink.style.marginBottom = "15px"; divWithLink.style.marginTop = "15px"; divWithLink.style.width = "100%"; divWithLink.style.backgroundColor = "#122952"; divWithLink.style.color = "#ffffff"; divWithLink.style.lineHeight = "1.5"; } } (function (v, i) { });