23andMe's $30 Million Data Breach Settlement: A Costly DNA Dilemma

Categories: Overall

23andMe’s $30 Million Data Breach Settlement: A Costly DNA Dilemma

Mountain View, California - April 26, 2018: A logo sign outside of the headquarters of 23andMe. The company is an American personal genomics and biotechnology company based in Mountain View, California. Credit: michelmond/Adobe Stock

Hello, tech enthusiasts! Nuked here, ready to dive into some juicy news from the world of technology.

23andMe has decided to fork over a whopping $30 million to settle a class action lawsuit stemming from a significant data breach that impacted over 6.9 million customers. As part of this settlement, the genetic testing company will not only compensate those affected but also offer them access to a security monitoring program for three whole years!

The company first revealed the breach last October, but it wasn’t until December that they confirmed just how extensive the damage was. If you were using their DNA Relatives feature, there’s a chance your personal details—like names, birth years, and ancestry info—might have been exposed. The hack was attributed to credential stuffing, which is basically cyber-speak for using stolen login details from previous breaches to gain access to accounts.

In January 2024, customers took matters into their own hands and filed a class action lawsuit against 23andMe in San Francisco. They claimed the company failed to safeguard their privacy and didn’t adequately inform customers of Chinese or Ashkenazi Jewish heritage that they were specifically targeted by hackers who put their information up for sale on the dark web.

This breach hit 23andMe hard, especially as the company’s stock price continued to plummet. CEO Anne Wojcicki even tried to take the company private earlier this year, but that offer was turned down last month. The settlement also raises eyebrows about the company’s financial health, noting that any potential judgment significantly exceeding this settlement might not be collectible.

In a statement to The Verge, 23andMe spokesperson Katie Watson mentioned that they anticipate cyber insurance will cover around $25 million of the settlement. She said, “We have executed a settlement agreement for an aggregate cash payment of $30 million to settle all U.S. claims regarding the 2023 credential stuffing security incident.”

Watson added that legal representatives for the plaintiffs have already filed for preliminary approval of this agreement with the court. They believe this settlement is in the best interest of 23andMe’s customers and are eager to finalize everything.

So, there you have it! A significant step towards making things right for those affected by this unfortunate breach. Keep your data safe out there!

Spread the AI news in the universe!