Americans in line to get one-time payment from $30m data breach settlement after customers’ info were stolen by hackers
Customers of 23andMe may soon be eligible for one-time cash payments following a significant $30 million settlement related to a data breach that compromised nearly seven million user accounts. This class action lawsuit was filed in San Francisco, accusing the genetics testing firm of failing to adequately protect its customers’ privacy.
The lawsuit highlighted that certain ethnic groups, particularly those of Chinese and Ashkenazi Jewish ancestry, were more vulnerable to hacking attempts. Hackers targeted these groups, selling their data on the dark web. In a cyberattack last year, outdated passwords were reportedly used to breach accounts connected to approximately 14,000 profiles, which linked to millions more through ancestry tracing.
Scope of the Data Breach
In October, sensitive data from over four million individuals in the UK and approximately one million Ashkenazi Jews was leaked on a Reddit thread and shared on the hacking blog BreachForums. 23andMe acknowledged that health reports and raw genotype data were stolen during the breach, which occurred between April and September 2023.
Company’s Response and Settlement Details
As part of the settlement, 23andMe has agreed to enhance its cyber protections and implement annual security checks, although the company denies any wrongdoing in the lawsuit. The settlement will provide cash payments to those whose data was compromised and offers customers the opportunity to enroll in a three-year program called Privacy & Medical Shield + Genetic Monitoring.
Despite agreeing to the settlement, 23andMe has requested a pause in the proceedings for tens of thousands of individuals involved in the lawsuit. The company cited its “extremely uncertain financial condition” as the reason for this request, seeking to delay until the settlement receives approval. According to a statement from the company, it expects about £25 million of the settlement to be covered by cyber insurance.
Impact of the Data Breach
The data breach, which affected nearly half of the 14.1 million customers in the firm’s database at the time, was disclosed in a blog post by 23andMe in October last year. Lawyers representing the plaintiffs stated that the main claims of their clients have been addressed in the settlement agreement.
Currently, 23andMe is facing financial difficulties, with its stock price plummeting from $10 per share three years ago to less than $1 since mid-December. This challenging financial landscape adds another layer of complexity to the settlement proceedings and the company’s ability to effectively manage the aftermath of the breach.
Also Read: Chapter 1606 VA Benefits: How does this benefit work and how can you get it?