The organization that runs the popular 23&Me genetic identification screening service should pay for allegedly allowing customer information to be accessed in a data breach, according to a federal class action lawsuit.
It is one of numerous suits filed against the organization in the U.S. District Court for the Northern District of California in San Francisco over the data breach, which the company announced Oct. 6.
"The exposed private Information may include names, sex, date of birth, genetic ancestry results, profile photos and geographical information," says the lawsuit states. "However, Defendant has not disclosed when this data breach occurred and for how long."
The suit accuses 23&Me of "intentionally, willfully, recklessly, or negligently failing to take adequate and reasonable measures to ensure their data systems were protected against unauthorized intrusions."
The company failed to practice "reasonable or adequately robust computer systems and security practices to safeguard customers’ private Information," the suit alleges. "Plaintiffs and class members have suffered identity theft and fraud, have had to spend—and will continue to spend—significant amounts of time and/or money in an effort to protect themselves from the adverse ramifications of the datab breach, and will forever be at a heightened risk of identity theft and fraud."
The suit seeks compensatory damages for identity theft, fraud, and time spent, reimbursement of out-of-pocket costs, adequate credit
monitoring services, plus attorney fees.
The plaintiffs are represented by attorneys David S. Casey, Gayle M. Blatt and P. Camille Guerra, of the firm Casey, Gerry, Schenk, Francavilla, Blatt & Penfield, LLP.
Eden et al v. 23 and Me Inc., U.S. District Court, Northern District of California, 3:23-cv-05200