23andMe told victims of data breach that suing is futile, letter shows
23andMe is “shamelessly” blaming victims of a data breach impacting 6.9 million users, a lawyer representing victims pursuing a class-action lawsuit, Hassan Zavareei, told TechCrunch.
Zavareei shared a letter from 23andMe lawyers that urged users suing to “consider the futility of continuing to pursue an action in this case,” because their claims are allegedly meritless and “the information that was potentially accessed cannot be used for any harm.”
Last year, hackers accessed 14,000 accounts on 23andMe by using passwords that had been previously breached during security incidents on other websites. By using this tactic, known as credential stuffing, hackers could access the personal data of millions of 23andMe users who opted into a DNA Relatives feature, including genetic information like the percentage of DNA shared with compromised users.