In a letter to victims who filed a lawsuit against the company, 23andMe blames its breach on customers for reusing passwords.

They’re blaming customers for not having good cybersecurity practices instead of themselves for not having good cybersecurity practices.