Genetics testing company 23andMe has agreed to a $30 million settlement following a class-action lawsuit stemming from a massive data breach in 2023.
The breach exposed the personal and genetic information of 6.9 million customers, leading to accusations that the company failed to adequately protect sensitive data. As part of the settlement, 23andMe will offer affected customers three years of security monitoring and cash payments.
Lasting for five months, the data breach impacted nearly half of 23andMe’s user base.
The settlement seeks to address these privacy issues while providing customers with enhanced protection for their data moving forward.
Why It Matters: With genetic testing companies collecting highly sensitive personal information, including DNA data, the 23andMe breach highlights the growing need for stricter data security measures in the industry. As more consumers turn to these services for health insights and ancestry tracing, the case underscores the serious consequences of cybersecurity failures.
- Settlement Details: 23andMe will pay $30 million and provide three years of monitoring through the Privacy & Medical Shield + Genetic Monitoring program to help protect customers‘ data going forward.
- Breach Impact: The breach, which began in April 2023 and lasted five months, affected nearly half of 23andMe’s 14.1 million users, with 5.5 million DNA Relatives profiles and 1.4 million Family Tree users compromised.
- Company’s Financial Struggles: 23andMe reported a loss of $69.4 million in Q2 2024 and has seen its stock trade below $1, creating further financial pressure. Cyber insurance is expected to cover most of the settlement costs.
- Ongoing Litigation Risks: The settlement avoids the risks of prolonged litigation, though 23andMe has requested the suspension of arbitration by thousands of class members until the settlement is finalized.
Go Deeper -> 23andMe settles data breach lawsuit for $30 million – Reuters