23andMe Settles Data Breach Lawsuit for $30 Million, Affecting Customer Privacy
Major Settlement in 23andMe Data Breach Lawsuit
23andMe is set to pay $30 million to resolve a class action lawsuit stemming from a data breach that compromised over 6.9 million customers. Following the breach, customers utilized the DNA Relatives feature, revealing personal information including names and birth years. The company attributed this security breach to credential stuffing, a method where older login details from prior leaks are exploited.
Details of the Lawsuit and Settlement
In January 2024, a class action lawsuit was filed against the company in San Francisco, citing insufficient privacy protections and any negligence regarding customer notification. Customers with Chinese or Ashkenazi Jewish heritage claimed they were specifically targeted for their data in this breach, raising serious concerns about the company's operational security. The settlement stipulates provisions for compensating those affected and offering three years of cybersecurity monitoring. 23andMe anticipates that a portion of the settlement, approximately $25 million, will be covered by cyber insurance.
The settlement highlights growing vulnerabilities in data management and the financial implications for companies like 23andMe. As they navigate this significant setback, the proposed resolution awaits judicial approval.
This article was prepared using information from open sources in accordance with the principles of Ethical Policy. The editorial team is not responsible for absolute accuracy, as it relies on data from the sources referenced.