NEWS  Security  December 7, 2023  Reading time: 2 Minute(s)

Max (RS editor)

A proposed class-action lawsuit against 23andMe is gaining momentum in Canada, as the genetic testing company reveals a more extensive data breach than initially reported. The breach, affecting approximately 6.9 million profiles, nearly half of the client base, has sparked concerns about the compromised security of sensitive personal information.

Initially downplayed by the company in early October, the hack exposed clients to the loss of intimate details, including birth year, geographic location, health information, and the percentage of DNA shared with relatives. A British Columbia man, leading the proposed class-action claim, alleges that 23andMe failed to adequately safeguard customer data, emphasizing the intimacy and gravity of the information at stake.

The breach, a wake-up call in an era where information is treated as currency, especially for highly sensitive data like genetic details, raises questions about the risks associated with sharing such information with testing companies. Teresa Scassa, a Canada Research Chair in Information Law and Policy at the University of Ottawa, warns against such data exchanges, advocating for increased caution.

23andMe, like other genetic testing services, relies on saliva samples to generate reports on ancestry and potential health predispositions. The breach, which initially affected 0.1% of the client base, saw hackers exploiting old, compromised passwords to gain unauthorized access. Subsequently, the intruders accessed approximately 5.5 million DNA relative profiles, compromising information such as display names, login details, and predicted relationships.

While 23andMe has not yet responded to the lawsuit in court or disclosed the number of affected Canadian users, the company assures that existing customers will be prompted to reset passwords and implement two-step verification. However, the breach has prompted concerns about the potential misuse of the compromised data.

Lawyer Sage Nematollahi, handling the proposed class action in Toronto, emphasizes the belief that customers were not properly treated and may have suffered harm. Despite the lack of reported inappropriate data use, the company faces allegations of negligence and breach of privacy and consumer laws.

Experts recommend users in Canada file complaints with local privacy commissioners or consider participating in the class-action lawsuit. However, the efficacy of these measures is debated, with some arguing they are more geared towards incentivizing companies to improve rather than compensating affected clients.

The plaintiff in British Columbia seeks accountability from 23andMe, demanding the company atone for any negligence contributing to the breach. While the class-action lawsuit is open to Canadian clients, none of the claims have been proven in court, awaiting certification by a judge before proceeding.

As debates on privacy and data security intensify, the broader question emerges: in an era driven by powerful technologies fueled by personal data, is the risk of sharing sensitive information worth the potential benefits? A man from British Columbia, still receiving emails about relatives joining the site, underscores the urgency of holding companies accountable in safeguarding valuable genetic information.

 IMAGES BY FREEPIK | RAWPIXEL.COM| WIRESTOCK 

SPONSORED

PROTECT YOUR PRIVACY WITH MCAFEE PREMIUM INDIVIDUAL SPECIAL PRICE - 80% OFF