Milwaukee attorney says time is now for claims over security breach

Listen to this article

As NBC News reports hackers have compiled and now shared a list of people with Ashkenazi Jewish ancestry from the popular website 23andMe, terrorists are calling for the hunting down of Jews on Friday, Oct. 13, 2023, in a “Kill a Jew Day.”

According to the NBC report, the database of Jews, now shared on dark web, contains the names, gender, ages and religious backgrounds of  999,999 people who used the service.

“Crazy, this could be used by Nazis,” NBC reported a person appeared in the database said.

Nazis aside, Hamas is calling for an international day of terrorism on Friday in what is being called “GLOBAL DAY OF JIHAD,” including in the United States.

On Tuesday, Khalid Mashal, the leader and founding member of Hamas, gave a speech calling on Muslims all around the world to carry out violent attacks against Jews and Christians.

Milwaukee Attorney Nick Zales said the recent 23andMe data breach could lead to substantial work for Wisconsin law firms.

Plaintiffs would be those whose personal protected information was accessed by unauthorized individuals. Claims they bring could be based on negligence and breach of contract. Other claims may be available under state and federal statutes, Zales said during an interview with the Wisconsin Law Journal.

Pursuant to Wis. Statute 134.98, which covers Wisconsin data protection, “Notice of unauthorized acquisition of personal information,” Zales said would be the relevant statute, noting that the key is addressing damages.

“Without substantial damages it will be hard to find law firms willing to pursue such claims. One reason is that any claims against 23andMe will likely end up in federal court. Typical damages include identity theft, fraud, financial losses, emotional distress, loss of privacy and reputational damage. If this breach were to lead to someone’s death, then the damages would skyrocket and make bringing a claim worthwhile,” Zales noted.

According to Zales, any Wisconsin firms that may seek to bring such claims would need a certain level of data breach expertise that most smaller firms do not have.

“It would require an examination of the ‘Terms and Conditions’ that may try and disclaim any liability or to limit damages to the amount paid by the customer,” Zales said, noting that those claims could be attacked as being unconscionable.

“The question of cyberinsurance also comes into play,” Zales noted.

“Does 23andMe have sufficient coverage to make bringing claims worthwhile?” Zales asked.

According to Zales, a class-action lawsuit has been brought based on this breach (Santana v. 23andMe Inc., Northern District of California, No. 3:23-cv-05147).

“That might be a way for Wisconsin law firms to bring claims en masse instead of by the individual,” Zales noted.

“In any case, the time to act is now before the courts become flooded with these lawsuits and plaintiffs in Wisconsin find their claims being swept up in the mass of litigation that is sure to follow this data breach. As with any lawsuit, many factors must be considered before going to court. But waiting to contact an attorney is not advisable. Strike while the iron is hot. These claims may all be resolved by settlements and one does not want to be left behind,” Zales added.

The Wisconsin Law Journal reached out to 23andMe requesting a comment on Thursday and on Friday the company deferred to a blog and issued the following statement:

“We do not have any indication at this time that there has been a data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks. While we are continuing to investigate this matter, we believe threat actors were able to access certain accounts in instances where users recycled login credentials – that is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously compromised,” a 23andMe spokesperson said.

A self-proclaimed national security expert whose tweet had more than 1 million views says he converted from Islam to Christianity and predicts Friday will see terrorist attacks.

As previously reported by the Wisconsin Law Journal, the Federal Bureau of Investigation issued a statement just days earlier saying while there is no credible evidence of an attack, various levels of law enforcement are coordinating.

This story has been updated.