23andMe, a DNA genetics testing company, recently faced a major data leak that exposed the personal information of 6.9 million customers. Hackers accessed data from 5.5 million DNA Relatives profiles and another 1.4 million Family Tree users, with some of this information sold on the dark web.

The data breach at 23andMe, which occurred between April and September 2023, exposed the personal information of 6.9 million customers. The breach affected nearly half of the company’s 14.1 million users, with hackers accessing 5.5 million DNA Relatives profiles and data from another 1.4 million users who used the Family Tree feature. The leaked information was later sold on the dark web, targeting customers of Chinese and Ashkenazi Jewish ancestry specifically.

In response, 23andMe has agreed to a US$30 million settlement and will provide three years of security monitoring. This settlement also addresses claims that 23andMe failed to inform affected customers about the breach and its specific targeting. Filed in federal court in San Francisco, the settlement requires approval from a judge.

The settlement includes cash payments to those affected by the breach and enrollment in a program called Privacy & Medical Shield + Genetic Monitoring for three years. 23andMe called the settlement “fair, adequate, and reasonable” but requested a delay on arbitrations by class members until the settlement is approved or they choose to opt out.

Given its financial difficulties, 23andMe anticipates that about US$25 million of the settlement cost will be covered by cyber insurance. The company has been struggling financially, reporting a US$69.4 million loss on US$40.4 million in revenue for the quarter ending June 30. The company’s stock has been trading below US$1 since December, and CEO Anne Wojcicki is attempting to take the company private.

The settlement marks a significant step in addressing the fallout from the breach and reflects ongoing efforts to improve data security and customer protection.