Biotech company 23andMe Inc. allegedly failed to protect the genetic information of thousands of people that was exposed in a data breach announced Oct. 6, a proposed federal class action said.
Monica Santana and Paula Kleynburd alleged that 23andMe, a provider of genetic testing services, maintained their personal information in a reckless manner and failed to use reasonable and adequate measures to keep their data safe.
Information exposed in the breach included names, sex, date of birth, genetic ancestry results, profile photos, and geographical location, according to a complaint filed Monday in the US District Court for the Northern District of California.
Some of the information has appeared for sale online, including that of prominent figures such as Mark Zuckerberg, Elon Musk and Sergey Brin, according to a press account cited in the lawsuit.
The company also failed to provide prompt and adequate notice of the incident, the complaint said. 23andMe didn’t respond immediately to a Bloomberg Law request for comment.
23andMe confirmed on Oct. 6 that genuine customer data was for sale on a hacker forum. A company spokesperson then told Bloomberg News that the company found no indication of a breach in its information systems.
Victims of the breach are now at increased risk of fraud and identity theft, and have suffered damages in the form of invasion of privacy, lost time and out-of-pocket expenses incurred responding to the breach, diminished value of their personal information, and lost benefit of the bargain with 23andMe, the complaint said.