MIAMI – Hackers who profit from stolen data have taken down a California-based consumer genetics company that millions of customers had trusted in the United States and Canada.
When 23andMe went public in 2021, The Wall Street Journal reported its valuation briefly topped $6 billion. On Wednesday, Nasdaq threatened to delist the personal genomics company valued at nearly $0 after a data breach resulted in class action lawsuits.
Recommended Videos
The company reported the “security concerns” in October. On Saturday, The New York Times reported a lawsuit that includes a plaintiff from Florida who alleged that the company failed to report that hackers had focused on users with Ashkenazi Jewish and Chinese ancestry and this had put him and others in danger.
The information of about a million users of Jewish ancestry and some 100,000 of Chinese ancestry was on the dark web’s Breach Forums, Wired reported in October. Hackers had been advertising the stolen data on another criminal forum in August, TechCrunch reported in October.
The company reported the breach went undetected from May to September and it applied to about half of their users.
The company’s defense: “Users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe. The incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures.”