Genetic testing company 23andMe has agreed to pay $30 million to settle a class-action lawsuit stemming from a data breach that exposed the personal information of more than 6.9 million customers.
The Verge Reports Popular genetic testing company 23andMe has reached a settlement agreement to resolve a class-action lawsuit brought by customers affected by a massive data breach that occurred in 2023. The breach, which the company disclosed in October of that year, exposed sensitive information of more than 6.9 million users, including names, birth dates, and ancestry data.
As part of the settlement, 23andMe will pay compensation to affected customers and provide them with access to a three-year security monitoring program. The settlement, which still needs to be approved by a judge, is intended to address plaintiffs' concerns that the company has not adequately protected their customers' privacy.
The data breach was the result of a technique known as credential stuffing, in which hackers accessed 23andMe accounts using login credentials reused in previous security breaches, but the company only acknowledged the full impact of the breach in December.
In January 2024, customers filed a class action lawsuit against 23andMe in a San Francisco court, alleging that the company not only failed to protect their personal information, but also failed to properly inform customers of Chinese or Ashkenazi Jewish descent that they were being targeted by hackers when their data was being offered for sale on the dark web.
The breach was a major blow to 23andMe, which was already in financial difficulty. An attempt by CEO Anne Wojcicki earlier this year to take the company private was rejected by a special committee last month. The settlement agreement acknowledged concerns about the company's finances and said it “is likely that any litigation judgments that significantly exceed the settlement amounts will be unrecoverable.”
23andMe spokesperson Katie Watson said the company expects its cyber insurance will cover $25 million of the settlement. In a statement to the Verge, Watson said: “We have entered into a settlement agreement to resolve all U.S. claims related to the 2023 credential stuffing security incident for a total cash payment of $30 million. Plaintiffs' counsel has filed a motion with the court seeking preliminary approval of the settlement agreement. Approximately $25 million of the settlement amount and associated litigation costs are expected to be covered by our cyber insurance. We continue to believe that this settlement is in the best interest of 23andMe customers and look forward to closing the agreement.”
Learn more The Verge is here.
Lucas Nolan is a reporter for Breitbart News covering free speech and online censorship.
