Consumer DNA testing company 23andMe has been subjected to a massive hack and data theft, according to posts in cybercrime forum postings made in early October. The company is investigating whether data have indeed been stolen from its database of consumer information. The posts claim to have 20 million pieces of data, including DNA-related and other genetic information.
Why It Matters
Increasingly, privacy laws will govern breaches at any company; California's law, for example, allows consumers to sue data breach victim companies if they failed to use "reasonable" measures to protect the stolen data. In the case of DNA, genetic, medical, or any qualifying "biometric" data, we are also seeing a steady increase in separate state laws that protect such material and allow either large fines or direct suit for failures to keep it confidential. The claims about 23andMe, if true, may show the full force and effect of these expanded privacy laws for the first time; they are in place in states from coast to coast and will protect millions of consumers.
/Passle/61f3627a0c51c3165820f0e7/MediaLibrary/Images/5ff4a070535488111cdbfec9/2024-01-17-18-25-18-859-65a81b8e3f5d760a89621ac7.png)
