23andMe to hacking victims: it's your fault because you reused passwords

Great news! That massive, roughly 7 million people-strong data breach from late last year is your fault, not 23andMe's. You know your genetic lineage and racial makeup information is in good hands when the company in charge of it immediately lays the blame on the victim. Maybe you should have added a "123" or a "!" to your password, like they told you the last time hackers poked around your DNA website. 23andMe, of course, made this statement following a rash of class-action lawsuits regarding the mishandling. Said the company in a letter to victims, "Users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe." Why don't I find this response satisfactory? I mean, I know it's usually my fault when a multimillion-dollar company that I have no holdings in gets hacked, but something isn't right this time.

The legal parties representing the victims aren't thrilled with the company's response either. "Rather than acknowledge its role in this data security disaster, 23andMe has apparently decided to leave its customers out to dry while downplaying the seriousness of these events," Hassan Zavareei, one of the lawyers representing the victims who received the letter from 23andMe, told TechCrunch. He and 23andMe did not respond to Business Insider's requests for comment.

Lakshmi Varanasi, Business Insider

Maybe they don't know what they're doing. Probably the lawyers are still in the throes of a holiday food coma. I found this helpful chart to help explain why this kind of response isn't productive. Here, take a look.

Source: Wikimedia Commons

Hope this helps. Methinks Ancestry wouldn't protest as much? Eh.