Biotechnology company 23andMe has reached a $30 million settlement following a significant data breach impacting 6.9 million users.
In a court filing with the Northern District of California, 23andMe outlined the settlement terms, which aim to provide compensation to those affected by the breach.
Details of the 23andMe Settlement
In October 2023, 23andMe disclosed a data breach where hackers accessed users’ personal records and genetic information. By December, the company revealed that while around 14,000 users had their data stolen, the breach extended to 6.9 million users due to exploitation of the relative-finder tool.
The class-action lawsuit, filed in San Francisco, additionally claimed that 23andMe did not adequately inform users of Chinese and Ashkenazi Jewish backgrounds, who were reportedly targeted for their data on the dark web.
While the company has committed to the settlement, the distribution of funds will not be equal among all victims. Of the total $30 million, only $5 million is earmarked for user compensation. Those who can demonstrate extraordinary claims, such as instances of financial fraud, may receive up to $10,000, whereas others will only be eligible for $100. A significant portion of the settlement is designated for attorney fees.
As part of the settlement, 23andMe is obligated to enhance its cybersecurity protocols and offer a tailored “Privacy & Medical Shield + Genetic Monitoring” program to affected users to help mitigate future risks of fraud and identity theft. After court approval, a dedicated settlement website will be created to assist users in filing their claims.
If you are among the millions impacted, stay informed for updates on how to submit your claim as more details become available.
