23andMe Faces Lawsuit Over Data Breach Targeting Chinese and Ashkenazi Jewish Customers

The breach, undetected for five months, compromised nearly 7 million customers' data, raising concerns about potential misuse by extremist groups.

23andMe, a genetic testing company, is facing a class-action lawsuit over a data breach that compromised the personal information of nearly 7 million customers, specifically targeting those of Chinese and Ashkenazi Jewish heritage.
The breach, which occurred from late April to September 2023, was only discovered in October when a hacker posted a sample of the stolen data on a 23andMe subreddit.
The stolen data included names, birth dates, ancestry reports, and health-related data, and was reportedly compiled into curated lists that were shared and sold on the dark web.
Representative Josh Gottheimer (D-NJ) has called for an FBI investigation into the breach, expressing concerns about the leaked data’s possible use by extremist groups.
23andMe has been criticized for blaming customers for the breach, stating that they used recycled login credentials, and for changing its terms of service, making it harder for affected customers to sue the company.