Connecticut AG Takes Action on 23andMe Data Leak

by | Nov 11, 2023

Connecticut’s Attorney General, William Tong, is investigating genetic testing company 23andMe following a recent data breach that exposed user information. The breach has raised concerns about the company’s data security practices and its failure to inform AG Tong’s office promptly. AG Tong seeks clarification on measures to protect user data and reports of targeted ethnic groups.

As the first Asian descent statewide elected official in Connecticut, AG Tong is invested in protecting vulnerable groups, including ethnic minorities. Data breaches cost companies billions, and hackers now target businesses like 23andMe that collect personal data. This breach highlights the need for strong security measures and timely notification to AG offices.

AG Tong’s office is committed to safeguarding vulnerable groups, such as the elderly, minors, seniors, military members, and ethnic minorities. To enhance security, the office will inquire about multi-factor authentication at 23andMe, which requires multiple verifications for access.

A podcast featuring Chris Allen and Hannah Cornett from Cozen O’Connor’s State AG Group explores the breach’s implications and best practices for managing data security incidents. The podcast emphasizes proactive communication and coordination between AG and consumer notifications, recommending a data incident playbook outlining breach notification laws.

The exposed data includes users’ names, gender, birthdates, location, and genetic ancestry results. Cybercriminals may exploit this information in credential stuffing attacks, targeting users with shared passwords. Users should prioritize strong password hygiene and avoid reusing passwords on different platforms.

Connecticut holds companies accountable for data breaches, and AG Tong aims to protect user data. In his letter to 23andMe, he requests information on data security practices and breach details. A comprehensive Civil Investigative Demand (CID) may be issued, involving other states.

Attorneys General nationwide are vigilant in addressing breaches and advocating for proper consumer protection. Swift notification to AG offices is crucial for immediate action and preventing further harm. AG Tong’s proactive approach reflects the importance of data security in the digital age.

Data breaches have far-reaching implications, eroding public trust in companies handling sensitive information. As genetic testing services expand, businesses like 23andMe must prioritize robust security measures to protect data and maintain consumer confidence.

In conclusion, the 23andMe breach prompts action from Connecticut AG William Tong. Concerns about data security, delayed notification, and targeted ethnic groups necessitate increased vigilance. Businesses must invest in security measures and communicate proactively with AG offices and affected consumers.