Americans in line to get one-time payment from $30m data breach settlement after customers’ info were stolen by hackers
Customers of genetics testing firm 23andMe could be eligible for one-time cash payments following a significant $30 million settlement related to a massive data breach. This incident compromised the accounts of nearly seven million users, exposing sensitive personal data.
Lawsuit and Data Breach Details
A class action lawsuit filed in San Francisco accused 23andMe of failing to adequately protect its customers’ privacy. The company has faced criticism for not informing clients that certain ethnic groups, particularly those with Chinese and Ashkenazi Jewish ancestry, were specifically targeted by hackers selling their data on the dark web.
The breach involved hackers exploiting old passwords to access user files linked to approximately 14,000 profiles, which in turn connected to millions more through ancestry tracing. In October, data from over four million individuals in the UK, including a million Ashkenazi Jews, was leaked on a Reddit thread and hacking blog BreachForums.
In January, 23andMe confirmed that attackers had stolen health reports and raw genotype data between April and September of the previous year. While the company has agreed to enhance its cybersecurity measures and implement annual checks, it denied any wrongdoing related to the lawsuit.
Settlement Terms and Financial Challenges
The settlement includes cash payments for individuals whose data was compromised and allows customers to enroll in a three-year program called Privacy & Medical Shield + Genetic Monitoring. 23andMe described the settlement request as reasonable but requested a pause in proceedings for tens of thousands of people involved in the suit, citing its “extremely uncertain financial condition.” The company expects that around £25 million of the settlement will be covered by cyber insurance.
The data breach occurred in April 2023 and lasted approximately five months, affecting nearly half of the 14.1 million customers in the firm’s database at the time. 23andMe publicly disclosed the breach in a blog post in October 2023.
Attorneys representing the plaintiffs in the lawsuit stated that the company’s main claims had been addressed. The firm is currently facing financial difficulties, with its stock price dropping from $10 per share three years ago to below $1 since mid-December.
