23andMe disclosed the data breach last October but did not confirm the broader impact until December. Customers who use the DNA Relatives feature may have seen information such as names, birth years and ancestry information exposed through the breach. At the time, 23andMe attributed the attack to credential theft, a tactic that involves logging into accounts using recycled logins exposed in previous security breaches.
The rape was a hard blow to the Company already having difficultiesAs 23andMe's stock price continued to fall, 23andMe CEO Anne Wojcicki He tried to privatize the company Earlier this year, but the The special committee rejected the offer last month. The settlement mentions concerns around the company's finances, saying: “Any litigated judgment significantly larger than the Settlement is likely to be uncollectible.” In a statement to The edge23andMe spokeswoman Katie Watson said the company expects cyber insurance to cover $25 million of the settlement:
We have entered into a settlement agreement for a total cash payment of $30 million to resolve all U.S. claims related to the 2023 credential theft security incident. Plaintiffs' counsel have filed a motion for preliminary approval of this settlement agreement with the court. Approximately $25 million of the settlement and related legal expenses are expected to be covered by cyber insurance coverage. We continue to believe that this settlement is in the best interest of 23andMe customers and look forward to finalizing the agreement.
The proposed settlement still needs judge approval.