23andMe reportedly deflected the blame on the victims of its recent massive data breach, last December. A letter acquired by TechCrunch was sent first to the group of victims.
Read Also: 23andMe Confirms Recent Hacking Incident Affects 6.9 Million Users
23andMe Suffers Massive Hacking Incident in 2023
Last month, 23andMe confirmed that the data breach affected 6.9 million of its users, accounting for almost half of its total customers. The incident happened two months earlier wherein the company's private user data has been seen on hacker forums.
While the hackers initially accessed 14,000 accounts, they were able to reach around 6.9 million victims, who are known to have opted for 23andMe's DNA Relatives feature. After a series of investigations, the company is accused of deflecting accountability.
"Rather than acknowledge its role in this data security disaster, 23andMe has apparently decided to leave its customers out to dry while downplaying the seriousness of these events," Hassan Zavareei, one of the lawyers representing the victims who received the letter from 23andMe, explained.
23andMe Cites Password Recycling as Major Factor for Hacking
In the letter, the company stated that the "users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe."
The company also remained firm that the hacking incident was not due to the company's failure but the lack of individual awareness to tighten the security of one's account.
Moreover, the company also argued that the stolen data is not enough to be used against the victim and the hackers cannot inflict monetary damage. The data obtained did not include the social security number, driver's license number, or any financial information of the victims.
Currently, 23andMe is facing over 30 lawsuits from the victims of the hacking incident.
Related Article: 23andMe Confirms Private User Data Leaked After Credential-Stuffing Attack
