Summary of 23andMe Settles for $30 Million After Massive Data Breach | Entrepreneur

  • entrepreneur.com
  • Article
  • Summarized Content

    html

    23andMe Data Breach Settlement

    In a significant development, 23andMe, a leading genetics testing company, has agreed to pay a $30 million settlement to resolve a class-action lawsuit arising from a major data breach that exposed the personal information of millions of its customers. The breach, which occurred in April 2023, involved the theft of sensitive data, including DNA profiles, and its subsequent sale on the dark web.

    • The lawsuit alleged that 23andMe failed to adequately protect its customers' data and delayed notifying them about the breach.
    • The company will also provide three years of security monitoring for affected customers.

    Details of the 23andMe Data Breach

    The data breach affected approximately 6.9 million 23andMe customers, representing nearly half of the company's user base at the time. Hackers gained access to sensitive data, including DNA profiles, names, addresses, and other personal information. This data was subsequently sold on the dark web.

    • The breach lasted for about five months, from April 2023 to September 2023.
    • The lawsuit specifically alleged that 23andMe targeted customers with Ashkenazi Jewish and Chinese ancestry, suggesting they may have been specifically targeted.

    23andMe's Response to the Data Breach

    23andMe has acknowledged the data breach and the settlement as "fair, adequate, and reasonable." The company has also stated that it is taking steps to enhance its cybersecurity measures to prevent future breaches.

    • In a December 2023 blog post, 23andMe outlined the steps it has taken to address the data breach, including improving its security infrastructure and implementing new security protocols.
    • The company has also committed to being more transparent with customers about its cybersecurity practices.

    Impact on 23andMe Customers

    The data breach has raised significant concerns about the security of genetic information. Customers are rightfully concerned about the potential misuse of their DNA profiles and other personal information.

    • The settlement provides financial compensation to affected customers, with the amount depending on the severity of the impact on their personal information.
    • Customers in certain states, including Alaska, California, Illinois, and Oregon, may be eligible for additional compensation due to state-specific genetic privacy laws.

    Key Takeaways from the 23andMe Data Breach

    The 23andMe data breach highlights the increasing risks associated with storing sensitive personal information, including genetic data, online. It underscores the importance of strong cybersecurity measures and transparency from companies handling this type of data.

    • Companies need to prioritize robust cybersecurity practices and implement comprehensive security measures to protect their customers' data.
    • Consumers should be aware of the risks associated with sharing their genetic information and carefully consider the privacy implications of using genetics testing services.

    How to Claim Compensation

    If you are a 23andMe customer who was affected by the data breach, you may be eligible for compensation. The settlement outlines the process for filing claims, with instructions available once the settlement receives final approval.

    • Affected customers can claim between $100 and $10,000, with the amount depending on the nature of the breach's impact on their personal information.
    • Detailed instructions for filing claims will be provided once the settlement is finalized.

    Ask anything...

    Sign Up Free to ask questions about anything you want to learn.