Three years ago, a man in Florida named JL decided, on a whim, to send a tube of his spit to the genetic testing site 23andMe in exchange for an ancestry report.
…
JL said he didn’t think much about the results until he learned of a huge breach at the company that exposed the data of nearly 7 million people, about half of the company’s customers. Worse, he later learned of a hacker going by the pseudonym “Golem” who had offered to sell the names, addresses and genetic heritage reportedly belonging to 1 million 23andMe customers with similar Ashkenazi Jewish heritage on a shadowy dark web forum.
JL, who asked to only be identified by his initials due to the ongoing privacy issues, is one of two plaintiffs listed in a recent class-action lawsuit filed in California against 23andMe. Plaintiffs claim the company failed to adequately notify users of Jewish and Chinese heritage after they were allegedly targeted. The lawsuit claims hackers placed those users in “specially curated lists” that could have been sold to individuals looking to do harm.
…
Months after it first became aware of the beach, 23andMe sent a letter to several customers taking legal action against the company. The company defended itself by saying there was no way the breach could lead to real-world problems: “The information that was potentially accessed cannot be used for any harm.” It also cast blame for the hack on users who “negligently recycled and failed to update their passwords”.