DNA genetic testing company 23&Me allegedly knew about a cyberattack months before it was made public to its customer base,according to legal documents.
San Fransico-based biotechnology company 23andMe deals with crucial personal information including customer details, DNA, and family history of clients.
Data breach may have been known five months prior
Initially reported byTechCrunch, this would mean that for around five months, 23&Me already knew about the data breach, which originated as a threat posted on an unofficial 23&Me subreddit. Since this reveal, the company has not confirmed or provided reasoning as to why the cyber attack was allegedly dismissed for so long.
In recent developments, a class-action lawsuit against the company on behalf of Canadian-based law firms YLaw and KND Complex Litigation is being pursued, according toreports, in the Supreme Court of British Columbia. The lawsuit is a reaction to recentterms of servicechanges made by 23&Me since the data breach.
The update stipulates that customers must tell the company they disagree with the new TOS within 30 days, or they will be locked into the new terms. These changes could prevent 23&Me customers from suing the company, should another data breach occur in the future.
Rosalie Newcombe was a Senior Tech Writer on Dexerto’s UK team. Rosalie is an expert on all things handhelds, and has been picking them up since the original Game Boy, all the way up to the Steam Deck. They have covered hardware for PCGamesN and Custom PC.
