Lawsuit Update: Woods Lonergan PLLC Pursues Class Action Against 23andMe for Massive Data Breach Affecting Millions

Lawsuit Update: Woods Lonergan PLLC Pursues Class Action Against 23andMe for Massive Data Breach Affecting Millions

Jul 10, 2024

New York, New YorkWoods Lonergan PLLC, a leading complex litigation law firm in New York, is representing plaintiffs impacted by the massive data breach at genetic testing company 23andMe. James Woods, a partner at the firm, is pursuing claims against 23andMe alleging negligence in failing to implement reasonable data security measures, violations of state privacy laws and consumer protection statutes, and breach of contract. The class action litigation matters are currently pending in the Federal Court in California’s North District under Judge Jacqueline Scott Corley.

Woods explained the breach’s far-reaching impact: “This isn’t just about 23andMe subscribers. The court filings allege that hackers’ use of credential stuffing has affected millions of non-subscribing family members through family connections. If proven true, this breach represents an unprecedented invasion of genetic privacy, affecting not just individual subscribers, but violating entire family networks across generations, without their consent.”

Key developments alleged in the case include:

Hackers used credential stuffing, exploiting reused login credentials from other compromised websites to access approximately 14,000 23andMe accounts.

The breach was then dramatically expanded through the exploitation of 23andMe’s “DNA Relatives” feature.

Court documents claim that attackers leveraged these compromised accounts to scrape genetic data from 5.5 million DNA relatives’ profiles, and subsequently an additional 1.4 million users had their Family Tree profiles exposed.

Compromised data includes names, email addresses, birth dates, genders, photos, locations, genetic ancestry results, DNA relatives data, family trees, and gene carrier status for diseases such as cystic fibrosis and Parkinson’s.

The filings suggest that 1 million affected users were of Ashkenazi Jewish descent and 300,000 were of Chinese heritage, suggesting targeted data collection.

The Connecticut Attorney General William Tong has opened an investigation into the 23andMe Data Breach, regarding the company’s compliance with the state’s recently adopted Connecticut Data Privacy Act (CTDPA). This investigation may prompt other state attorney generals to follow suit. Attorney General Tong stated that, 23andMe, “had not submitted a breach notification pursuant to Connecticut’s breach notification statute.”

The UK’s Information Commissioner’s Office (ICO) and the Office of the Privacy Commissioner of Canada (OPC) have recently launched a joint investigation into the 23andMe data breach.

Attorney James Woods emphasized the severity of the breach: “23andMe promised to safeguard the genetic profiles of our clients – information that reveals the very core of who they are. If the allegations are proven, this breach isn’t just a violation of data; it’s a betrayal of that fundamental trust. Now, our clients face a lifetime of potential consequences, from identity theft to genetic discrimination.”

He further warned, “Cybercriminals could use this stolen genetic data to create convincing scams that prey on users’ fears about their health or ancestry. The data compromised here is highly sensitive, particularly given current world events and escalating tensions. This adds multiple layers of potential harm to an already serious situation.”

Woods noted that the gravity of the situation has led many plaintiffs to file under pseudonyms out of fear for their safety and privacy. “The fact that individuals feel compelled to hide their identities while seeking justice underscores the deeply personal nature of this breach and the potential for long-lasting consequences,” he added.

“This case goes beyond typical data breaches,” Woods concluded. “It’s about the intersection of cybersecurity, personal privacy, and the evolving risks associated with genetic information in our digital age. The exploitation of the ‘DNA Relatives’ feature demonstrates how a vulnerability in one account can have exponential consequences in the realm of genetic data, affecting not just subscribers but their entire family networks.”

Individuals who believe they may have been affected by the 23andMe data breach, whether directly as subscribers or indirectly as non-subscribing family members, are encouraged to contact Woods Lonergan PLLC for a free confidential consultation.

Woods Lonergan PLLC  is a leading New York litigation firm specializing in complex civil litigation, including class action data privacy and cybersecurity matters.

Woods Lonergan
One Grand Central Place
60 East 42nd Street, Suite 1410
New York, NY 10165
(212) 684-2500

Media Contact
Nancy Byrne


U.S. District Court, California Northern District.
Case Number: 3:24-md-03098

Established in 1993, Woods Lonergan is a leading New York City litigation firm. Our practice areas span commercial litigation, real estate law, corporate governance, as well as intricate legal disputes. Known for our business-focused approach, our attorneys provide tailored legal strategies for a diverse clientele, including business owners, real estate developers, cooperative and condominium boards, and companies across various sectors. Our seasoned attorneys adeptly manage a wide array of complex litigation scenarios, including employment and consumer class action claims, as well as property damage, and construction accident claims. Our dedication to excellence and client success has earned us a reputation for achieving exceptional results in complex legal matters.With a commitment to providing skilled and cost-effective representation, Woods Lonergan combines the personalized attention of a boutique firm with the capabilities to tackle sophisticated legal challenges, rivaling larger firms while maintaining competitive rates.

Woods Lonergan
60 East 42nd Street, Suite 1410
New York, NY 10165
Press Contact : Nancy Byrne

Distributed by Law Firm Newswire