In the Scam of the day for October 10, 2023, I informed you of a data breach at the genetic testing company 23andMe that compromised information of 6.9 million of its customers. This week California Attorney General Rob Bonta announced he is suing Chrome Holding, the DNA testing firm that succeeded 23andMe after 23andMe filed for bankruptcy, alleging the company was negligent in failing to secure its customers’ sensitive data.
The data breach was accomplished by what is called “credential stuffing,” which is when passwords that were compromised in earlier data breaches are used to log in to the same people’s accounts at another site. Using a unique password for each of your accounts is essential for this very reason. Reusing a password across accounts puts all of those accounts in jeopardy in the event of a data breach at any one of them. And while this data breach does not appear to have been due to faulty security of 23andMe, they are to be faulted for failing to plan for such an attack and failing to encrypt the sensitive data they hold.
TIPS
The lesson for companies, particularly those holding sensitive personal information, is to encrypt such data as a protection against inevitable cyberattacks.
The lesson for all of us as individuals is, first, to make sure we use a unique password for each of our online accounts and, second, to use dual factor authentication so that even if a hacker manages to learn our password, the hacker would not be able to access the account merely by using the password.