Lucas Ropek writes:
What happens when a company loses a bunch of user data? Typically, they apologize and sheepishly beg for forgiveness. Not so with 23andMe. The popular genomics company, which suffered a pretty terrible data breach last year, has instead opted to tell pissed-off customers that they probably should’ve picked a better password if they didn’t want their data boosted.
To clarify, 23andMe is currently being sued—or, more accurately, legally attacked—by a large number of people due to the fact that droves of user accounts were compromised by cybercriminals last year. News of the breach originally broke in October, when customer data was posted for sale on the dark web. At that point, 23andMe told the public that only about 14,000 accounts had been compromised. However, later investigation revealed that, due to an internal data-sharing feature linked to those accounts, the real number of impacted people was probably something like 6.9 million.
So, yeah, people are naturally pretty pissed and, as a result, are trying to sue the company. The keyword here is “trying” because, due to some controversial inclusions in 23andMe’s terms of service agreement, mass litigation (like a class-action lawsuit) is quite difficult to achieve. Instead, the company’s TOS stipulates that users must forgo the opportunity to sue the company and instead try their hand at “forced arbitration,” an alternative legal pathway that experts contend is heavily weighted in favor of corporations. Still, a number of class-action lawsuits have been filed against the company, apparently in an attempt to override its original agreement.
Humorously enough, not only is 23andMe opting to stay out of court, but it also seems to be denying it was the primary wrongdoer in the data breach.
Read more at Gizmodo.
h/t, Joe Cadillic