23andMe Data Breach Lawsuit

Legal Representation for Victims of Data Breaches

The Data Breach Attorneys at Potter Handy Law Firm have the knowledge and resources to thoroughly examine your case, conduct an investigation into the breach, and, when needed, fight for justice.

Potter Handy LLP is currently reviewing cases on behalf of individuals affected by the 23andMe data breach. These individuals may have had their personal and confidential information illegally accessed by an unknown third party during the 23andMe data breach. Potter Handy LLP will conduct a complimentary assessment of your data breach claim in order to safeguard the rights and privacy of all those impacted by the 23andMe data breach.

We are only interested in claims that arose in Illinois. Contact us today by filling out the form on this webpage for a free consultation and to learn more about how we can help you with your case. Regrettably, we are unable to respond to phone inquiries. Thank you for your understanding. 


What Happened?

On Friday, October 6, 2023, 23andMe, a direct-to-consumer genetic testing company that provides ancestry and health reports, confirmed an ongoing investigation into a cyberattack. This incident led to unauthorized individuals gaining access of nearly 7 million of its customers and posted the data for sale on the dark web. The announcement regarding the 23andMe data breach followed a few days after stolen data began appearing for sale on a dark net marketplace.

In its website statement, 23andMe disclosed that it initiated an investigation and enlisted the assistance of third-party forensics experts. The preliminary findings indicate no breach of its systems. However, the breach notice acknowledged that an unauthorized third party had acquired certain information from users’ accounts. Although the website notice did not explicitly mention the sale of stolen data, 23andMe confirmed to certain media outlets that it is in the process of validating the listed data. The compromised data included names, gender, date of birth, genetic ancestry results, profile photos, and geographical location gathered from the DNA Relatives feature. Notably, it did not seem to include any raw genetic data. The hacker claimed to possess millions of data profiles, which were offered for sale, with the first identification of the listings made by a researcher on October 4, 2023.

“While we continue to investigate this matter, we believe threat actors were able to access certain accounts in cases where users reused login credentials. In other words, usernames and passwords used on 23andMe.com were the same as those used on other websites that had been previously compromised,” explained 23andMe in its website notice. “We suspect the threat actor may have, in violation of our Terms of Service, accessed 23andMe.com accounts without authorization and obtained information from specific accounts, including details about users’ DNA Relatives profiles for those who opted into that service.”

23andMe clarified that it actively monitors accounts for unauthorized access, investigates suspicious activities, and maintains security measures surpassing industry data protection standards. The company holds multiple ISO certifications, and since 2019, it has offered users multifactor authentication. The website notice was updated on October 9, 2023. “We are reaching out to our customers to provide an update on the investigation and to encourage them to take additional actions to secure their accounts and passwords. As a precaution, we are mandating all customers to reset their passwords and strongly recommending the use of multi-factor authentication (MFA).”

On November 30th, 2023, 23andMe modified its terms of service. In a communication sent to customers, the company mentioned that it has “streamlined arbitration proceedings where multiple similar claims are filed” and that the new procedures are meant to “encourage a prompt resolution of any disputes.” According to the updated terms, users who do not explicitly reject the new terms within 30 days of receiving notification will be deemed to have accepted them.

If you’ve received a notification regarding a concerning data breach, it is imperative to recognize the gravity of the situation. Your personal information could potentially be compromised, placing it within the reach of cybercriminals. Given this scenario, it is of utmost importance that you address this matter with a sense of urgency and contact our highly qualified Data Breach Lawyers. These attorneys can effectively protect your legal rights and ensure that those responsible for causing harm are held accountable.

By selecting a qualified Data Breach Lawyer in California, you can be assured that your interests are protected thoroughly during the entire case, providing you with peace of mind.


What Information Was Involved in the 23andMe Data Breach?

The investigation has concluded that the incident may have led to unauthorized access to certain confidential information.

The information at issue varies by individual and may include:

  • Names
  • Email addresses
  • Dates of birth
  • Gender
  • Profile photos
  • Geographic locations
  • DNA Relatives information (for approximately 5.5 million users)
  • Family Tree information (for approximately 1.4 million users)

Protecting Consumers’ Privacy Rights Following the 23andMe Data Breach

If you were notified that your information had been stolen as a result of the 23andMe data breach, you may be entitled to compensation or other remedies.

Don’t wait until it’s too late to protect your rights and seek compensation. Contact us today by filling out the form on this webpage for a free consultation and to learn more about how we can help you with your case. Our attorneys are available 24/7 and there are no out-of-pocket expenses for our clients. Let us help you seek justice and hold companies accountable for their negligence in protecting personal information. Regrettably, we are unable to respond to phone inquiries. Free Consultations 24/7No out-of-pocket expenses.