Data leak at 23andMe - data stolen, what now?

Reports are mounting that 23andMe's worst (privacy) nightmare may have become reality: user data, including genetic information, appears to have been stolen by the millions. Users are now likely to ask themselves: what does this mean, and how should one proceed?

What data does 23andMe have?

The business model of 23andMe is actually relatively simple: users send the company a test kit with their DNA and receive comprehensively evaluated information about their genetic makeup in return. Among other things, this can cover the user's own ancestry and the identification of relatives, but also certain health information (genetic defects, hereditary diseases, cancer risks). In addition, even small peculiarities such as muscle type, facial shape, taste or other characteristics can be determined.

What data was stolen?

On 10/10/2013, TechCrunch broke the news that 23andMe had reset all passwords after people on the hacker forums Hydra and BreachForums bragged about the hack and leaked some user data. One hacker claimed to be extorting 23andMe for a sum of $50 million for a 300 terabyte data set. Subsequently, Heise also reported on the hacks, stating that even the profiles of 23andMe founder Anne Wojcicki and her ex-husband, Google co-founder Sergey Brin, had been published. While 23andMe was late in responding to queries from TechCrunch, the company had already published a post about the incident on its own blog on October 6, confirming unauthorized access to records. The actual extent of the hack is still unclear. According to TechCrunch, however, at least one million users with Ashkenazi roots and 100,000 Chinese users were affected, which does not bode well. On the other hand, hackers often tend to exaggerate, and it is not yet clear whether the stolen data can be used at all (it may be encrypted).

What does the data theft mean for you?

For the users of 23andMe, the news should be quite unpleasant. After all, one's own data records may contain sensitive information that could be used to expose or blackmail a person. Just imagine discovering during your genealogical research that your grandparents may have been high-ranking Nazis, or that your great-grandparents in the Bavarian mountain village may have been somewhat more closely related than you would like. Hereditary diseases or other unpleasant factors could likewise become known. Especially for people working in politics or intelligence, the publication of such information could be particularly unpleasant and affect their careers. Theoretically, payment data provided when paying for the test kits could also be affected.

What claims are you entitled to?

The customers of 23andMe are not powerless in the face of what is happening. The European General Data Protection Regulation (GDPR) gives EU citizens extensive rights against the companies that store and process their data. If a hack leads to a data leak because of inadequate security precautions, those affected can both obtain information from the operator about the type and scope of the data leak and demand compensation for damages. Material damage is not always required. Even a lasting feeling of insecurity can give rise to immaterial claims for damages. Unfortunately, the statutory provisions are not necessarily easy to understand or apply, as they are sometimes complex and depend on the interpretation of case law by the highest courts.

We enforce your claims for you

Therefore, legal advice and representation are highly recommended. We will be happy to assist you with our specialist legal expertise in this area and assert your claims.

GoldbergUllrich Lawyers 2023

Benno Gerwinn, Research Associate
