After hackers exploited the 23andMe Family Tree Feature in a massive credential-stuffing attack, the genetic data of subscribers and their non-subscribing family members were exposed.
Law Firm Newswire Article | July 10, 2024 | New York, New York
Woods Lonergan PLLC, a leading complex litigation law firm in New York, is representing plaintiffs impacted by the massive data breach at genetic testing company 23andMe.
James Woods, a partner at the firm, is pursuing claims against 23andMe alleging negligence in failing to implement reasonable data security measures, violations of state privacy laws and consumer protection statutes, and breach of contract. The class action litigation matters are currently pending in the Federal Court in California’s Northern District under Judge Jacqueline Scott Corley.
Woods explained the breach’s far-reaching impact:
“This isn’t just about 23andMe subscribers. The court filings allege that hackers’ use of credential stuffing has affected millions of non-subscribing family members through family connections. If proven true, this breach represents an unprecedented invasion of genetic privacy, affecting not just individual subscribers, but violating entire family networks across generations, without their consent.”
Key developments alleged in the case include:
- Hackers used credential stuffing, exploiting reused login credentials from other compromised websites to access approximately 14,000 23andMe accounts.
- The breach was then dramatically expanded through the exploitation of 23andMe’s “DNA Relatives” feature.
- Court documents claim that attackers leveraged these compromised accounts to scrape genetic data from 5.5 million DNA relatives’ profiles, and subsequently an additional 1.4 million users had their Family Tree profiles exposed.
- Compromised data includes names, email addresses, birth dates, genders, photos, locations, genetic ancestry results, DNA relatives data, family trees, and gene carrier status for diseases such as cystic fibrosis and Parkinson’s.
- The filings suggest that 1 million affected users were of Ashkenazi Jewish descent and 300,000 were of Chinese heritage, suggesting targeted data collection.
- Connecticut Attorney General William Tong has opened an investigation into the 23andMe data breach regarding the company’s compliance with the state’s recently adopted Connecticut Data Privacy Act (CTDPA). This investigation may prompt other state attorneys general to follow suit. Attorney General Tong stated that 23andMe “had not submitted a breach notification pursuant to Connecticut’s breach notification statute.”
- The UK’s Information Commissioner’s Office (ICO) and the Office of the Privacy Commissioner of Canada (OPC) have recently launched a joint investigation into the 23andMe data breach.
Attorney James Woods emphasized the severity of the breach:
“23andMe promised to safeguard the genetic profiles of our clients – information that reveals the very core of who they are. If the allegations are proven, this breach isn’t just a violation of data; it’s a betrayal of that fundamental trust. Now, our clients face a lifetime of potential consequences, from identity theft to genetic discrimination.”
He further warned:
“Cybercriminals could use this stolen genetic data to create convincing scams that prey on users’ fears about their health or ancestry. The data compromised here is highly sensitive, particularly given current world events and escalating tensions. This adds multiple layers of potential harm to an already serious situation.”
Woods noted that the gravity of the situation has led many plaintiffs to file under pseudonyms out of fear for their safety and privacy.
“The fact that individuals feel compelled to hide their identities while seeking justice underscores the deeply personal nature of this breach and the potential for long-lasting consequences,” he added.
“This case goes beyond typical data breaches,” Woods concluded. “It’s about the intersection of cybersecurity, personal privacy, and the evolving risks associated with genetic information in our digital age. The exploitation of the ‘DNA Relatives’ feature demonstrates how a vulnerability in one account can have exponential consequences in the realm of genetic data, affecting not just subscribers but their entire family networks.”
Individuals who believe they may have been affected by the 23andMe data breach, whether directly as subscribers or indirectly as non-subscribing family members, are encouraged to contact Woods Lonergan PLLC for a free confidential consultation.