For several years now, TechCrunch has revisited some of the worst and most poorly handled data breaches and security incidents, hoping to inspire corporate giants to learn from past mistakes and avoid repeating them.
Yet, here we are again. This year brings a fresh crop of companies exhibiting the same reckless behavior — with a few bonus (dis)honorable mentions that might have slipped under your radar.
23andMe Blamed Users for Its Massive Data Breach
Genetic testing giant 23andMe made headlines last year after hackers accessed genetic and ancestry data of nearly 7 million customers. The breach occurred through brute-force attacks on thousands of user accounts, allowing the attackers to scrape data on millions more. In response, 23andMe belatedly introduced multi-factor authentication — a security feature that could have mitigated the damage had it been in place earlier.
However, rather than taking accountability, 23andMe began the new year by deflecting blame onto its users, claiming they failed to adequately secure their accounts. This finger-pointing drew criticism from legal representatives of affected customers, who called the company’s stance “nonsensical.” The backlash prompted U.K. and Canadian authorities to launch a joint investigation into the breach.
As the year progressed, 23andMe faced additional turmoil, laying off 40% of its workforce amid financial uncertainty. The future of its vast repository of customer genetic data now hangs in the balance.