23andMe, a leading genetics firm, is facing a lawsuit from the California Attorney General's office over a 2023 DNA data breach. The lawsuit claims that the company downplayed the severity of the breach and paid a ransom to the attackers.
According to the lawsuit, the breach occurred in 2023 and exposed the sensitive genetic data of thousands of 23andMe users. The company allegedly paid a ransom to the attackers in exchange for the return of the stolen data, but failed to inform customers of the breach.
The lawsuit claims that 23andMe's actions were a 'disturbing' breach of trust with its customers. The company's failure to disclose the breach and its decision to pay a ransom to attackers has raised concerns about the security and integrity of genetic data.
The lawsuit is a significant development for the genetics industry, which has faced increasing scrutiny over the handling of sensitive genetic data. The case highlights the need for companies to prioritise data security and transparency in the wake of a breach.
The lawsuit is also a reminder of the importance of robust data protection laws and regulations. In the UK, the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) provide a framework for the handling of personal data, including genetic information.