23andMe Faces $30 Million Payout After Massive Data Breach Exposes Millions

Clear Facts

• 23andMe has agreed to pay $30 million to settle a class action lawsuit over a 2023 data breach.
• The breach affected approximately 6.9 million users, exposing personal data such as names, birth years, and ancestry information.
• The settlement is pending approval by a judge, with $25 million expected to be covered by cyber insurance.

Genetic testing company 23andMe is set to pay $30 million to resolve a class action lawsuit following a significant data breach in 2023. This breach compromised the personal data of millions of users, leading to widespread concern and legal action.

The lawsuit accused 23andMe of not adequately safeguarding user information and failing to promptly inform users about the breach. Despite agreeing to the settlement, the company has denied any wrongdoing.

“We continue to believe this settlement is in the best interest of 23andMe customers, and we look forward to finalizing the agreement,” a spokesperson for 23andMe said in a statement.

The agreement awaits judicial approval. The spokesperson added that about $25 million of the settlement and related legal expenses are anticipated to be covered by cyber insurance.

In October 2023, the profile information of some 23andMe customers began appearing on the dark web. Hackers were offering compilations of this data for a price, which included names, birth years, genders, ancestry, and other non-DNA profile information.

The California-based company confirmed in December 2023 that hackers had stolen personal data from approximately 6.9 million users, which is nearly half of its customer base.

The breach occurred because customers had reused usernames and passwords from other compromised websites on 23andMe. This tactic, known as credential stuffing, allowed hackers to gain access to the accounts.

The cybersecurity industry frequently warns against credential stuffing, emphasizing the importance of unique passwords for different platforms.

As the settlement process moves forward, 23andMe aims to put this incident behind them and restore customer trust.

Let us know what you think, please share your thoughts in the comments below.

Source