Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label customer data privacy. Show all posts

23andMe Agrees to $30 Million Settlement Over Data Breach Impacting 6.9 Million Customers

 

23andMe has agreed to pay $30 million and provide three years of security monitoring as part of a settlement to resolve a lawsuit alleging the genetics testing company failed to safeguard the personal data of 6.9 million customers compromised in a data breach last year.

The settlement also addresses claims that 23andMe did not inform customers of Chinese and Ashkenazi Jewish descent that they were specifically targeted by the hacker, who allegedly sold their data on the dark web.

Filed late Thursday in a federal court in San Francisco, the proposed class action settlement awaits approval from a judge. It includes financial compensation for affected customers and offers enrollment in the Privacy & Medical Shield + Genetic Monitoring program for three years.

In a court filing on Friday, 23andMe described the settlement as fair and reasonable. The company also requested the suspension of arbitration cases initiated by tens of thousands of class members until the settlement is approved or they opt out.

The company stated the settlement serves its customers' best interests, with $25 million of the settlement likely to be covered by cyber insurance.

The breach, which occurred between April and September 2023, impacted nearly half of 23andMe’s 14.1 million customers. It was disclosed in an October 2023 blog post, revealing that 5.5 million DNA Relatives profiles and data from 1.4 million customers using the Family Tree feature were compromised.

Lawyers representing the plaintiffs said the settlement addresses their key claims, noting that further litigation posed significant risks given 23andMe’s financial difficulties.

The South San Francisco-based company reported a $69.4 million loss on $40.4 million in revenue for the quarter ending June 30. CEO Anne Wojcicki has been working to take the company private, following its public debut at $10 per share. Shares have been trading below $1 since December 2023.

The plaintiffs’ attorneys may seek up to 25% of the settlement as legal fees.

The case is titled In re 23andMe Inc Customer Data Security Breach Litigation, US District Court, Northern District of California, No. 24-md-03098.