Big News: Americans in line to get one-time payment from $30m data breach settlement after customers’ info were stolen by hackers
Customers of genetics testing firm 23andMe could be entitled to a one-time cash payment following a significant $30 million settlement related to a major data breach. The breach affected nearly seven million user accounts, leading to the theft of sensitive personal data.
Allegations of Privacy Violations
A class action lawsuit filed in San Francisco accused 23andMe of failing to adequately protect its customers’ privacy. The suit highlighted that certain ethnic groups, particularly those with Chinese and Ashkenazi Jewish ancestry, were disproportionately targeted by hackers who sold their data on the dark web.
The breach was attributed to hackers using outdated passwords to access approximately 14,000 user profiles, which were linked to millions more through ancestry tracing. In October, data belonging to over four million people in the UK and one million Ashkenazi Jews was leaked on a Reddit thread and a hacking blog, BreachForums. In January, 23andMe acknowledged that attackers had stolen health reports and raw genotype data from April to September.
Commitment to Cybersecurity
As part of the settlement, 23andMe has agreed to enhance its cybersecurity measures and conduct annual checks. Despite these agreements, the company has denied any wrongdoing in connection with the lawsuit. The settlement also includes cash payments for those whose data was compromised, as well as an opportunity for customers to enroll in a three-year program called Privacy & Medical Shield + Genetic Monitoring.
Financial Concerns and Settlement Status
On Friday, 23andMe described the settlement request as reasonable but asked the judge to pause proceedings for the tens of thousands of people involved in the suit. The company cited its “extremely uncertain financial condition” and requested that this pause remain in place until the settlement is approved. It was noted that approximately £25 million of the settlement may be covered by cyber insurance.
The data breach occurred in April 2023 and lasted for about five months, impacting almost half of the 14.1 million customers in the company’s database at the time. 23andMe publicly disclosed the breach in a blog post in October of last year. Lawyers representing the plaintiffs stated that their clients’ main claims have been addressed in the settlement.
23andMe is currently facing financial challenges, with its stock price plummeting from $10 per share three years ago to under $1 since mid-December.
Also read: RECALL UPDATE: FDA Warns Recalled Dog Food Should Be ‘Thrown Out or Destroyed’