23andMe Revamps User Agreement with Robust Measures to Avert Data Breach Lawsuits


Imagine you’ve entrusted your DNA information to a company only to find out that it’s been compromised. That’s exactly what happened to millions of 23andMe customers recently, leaving them feeling vulnerable and betrayed. And now, as if adding insult to injury, the company is trying to make it harder for users to sue it in response to the breach.

In October, an attacker attempted to sell the data of 23andMe customers, and when they couldn’t find a buyer, they leaked it instead. The breach affected 1 million Ashkenazi Jews and 4.1 million people living in the United Kingdom.

Our IT Services discovered that the data was obtained through credential stuffing attacks to breach customer accounts. Using a handful of these accounts, the attackers used the ‘DNA Relatives’ feature to scrape the data of millions of individuals.

23andMe has since confirmed that a total of 6.9 million people were impacted by the breach — 5.5 million through the DNA Relatives feature and 1.4 million people through the Family Tree feature.

23andMe’s sneaky move to avoid lawsuits

Understandably, the breach has led to numerous lawsuits against the company. In response, 23andMe updated its Terms of Use on November 30th to include a provision stating that mandatory arbitration is required for all disputes, rather than jury trials or class action lawsuits.

The updated Terms of Use read: “These terms of service contain a mandatory arbitration of disputes provision that requires the use of arbitration on an individual basis to resolve disputes in certain circumstances, rather than jury trials or class action lawsuits.”

Customers received emails about this change, stating that they have up to 30 days from the notification to tell 23andMe at [email protected] if they disagree with the new terms. Those who send an email disputing the update will remain on the previous Terms of Service.

However, according to Nancy Kim, a Chicago-Kent College of Law professor, this change in the Terms of Use will likely not protect 23andMe from lawsuits, as it will be difficult to prove that they gave reasonable notice to opt out of the new terms.

Don’t let your business become the next 23andMe

As a business owner, you don’t want to find yourself in 23andMe’s shoes. A major breach like this can be disastrous for your reputation and customer trust. The good news is that you can take steps to protect your business from cyber attacks. That’s where we come in.

At ZZ Servers, we specialize in cybersecurity solutions tailored to your business needs. With our expertise, you can rest assured knowing that your business and customer data are safe from cyber threats.

Don’t wait until it’s too late. Reach out to us today to learn how we can help protect your business and give you peace of mind.
