23andMe is close to settling a class-action lawsuit filed against the company over a data breach that compromised the information of 6.9 million users. According to the preliminary filing for the settlement, the DNA testing company has agreed to pay $30 million to affected customers, as well as perform annual computer scans and cybersecurity audits for three years. A website will be set up to notify people who are eligible to receive a portion of the settlement fund and to facilitate payments. Affected users will also receive a link where they can delete all of their information from the service and be able to sign up for a three-year Privacy & Medical Shield + Genetic Monitoring program for free. A judge still has to approve those terms.
In October 2023, the company admitted that DNA Relatives profile information for approximately 5.5 million customers and Family Tree profile information for 1.4 million DNA Relative participants had been leaked. It later revealed in a legal filing that malicious actors began breaking into customers’ accounts in late April 2023 and had access to their systems until September of that year. It said the hackers used a technique called credential theft, which uses previously compromised login credentials to access customers’ accounts.
The breach led to several class-action lawsuits filed against the company, including one accusing 23andMe of failing to notify plaintiffs that they were specifically targeted for having Chinese and Ashkenazi Jewish ancestry. conciliation agreement (PDF) For the consolidated complaint, 23andMe noted that it “denies the claims and allegations set forth in the Complaint” and that it “denies that it has failed to adequately protect the Personal Information of its customers and users.”
According technology/cybersecurity/23andme-settles-data-breach-lawsuit-30-million-2024-09-13/” rel=”nofollow noopener” target=”_blank” data-ylk=”slk:Reuters;cpos:5;pos:1;elm:context_link;itc:0;sec:content-canvas” class=”link “>Reuters23andMe describes its financial situation as “extremely uncertain.” Financial report For fiscal 2024, it said it had total revenue of $220 million, down 27 percent from $299 million the year before. However, a large portion of the settlement money will come from cyber insurance, which the company expects to cover $25 million of the $30 million total.
