> One 23andMe customer impacted by the breach told TechCrunch that it's "appalling that 23andMe is attempting to hide from consequences instead of helping its customers."
I mean... Of course they ate trying to dodge extra punishment from California while trying to help customers. They can be doing both at the same time.
And as a legal argument, they may have a point. How precisely are they supposed to secure their architecture against recycled login credentials? Does California's law imply that you have to implement two-factor authentication? Seems like it would be a novel application of the law if that's the case.
I mean... Of course they ate trying to dodge extra punishment from California while trying to help customers. They can be doing both at the same time.
And as a legal argument, they may have a point. How precisely are they supposed to secure their architecture against recycled login credentials? Does California's law imply that you have to implement two-factor authentication? Seems like it would be a novel application of the law if that's the case.