BELOW SUPERNAV drop zone ⇩

23andMe agrees to $30M settlement over 2023 data breach

MAIN AREA TOP drop zone ⇩

MAIN AREA TOP drop zone ⇩

(NEXSTAR) — 23andMe has proposed a $30 million settlement over a class-action lawsuit filed in response to a 2023 data breach.

23andMe, a genetic testing and biotech company, first announced in October 2023 that the site had been the victim of a “credential stuffing attack,” during which hackers were able to use login credentials — allegedly obtained via a previous hack of an unrelated website — to access its customers’ accounts.

In the months that followed, 23andMe confirmed that “threat actors” were able to access about 14,000 accounts, through which the data of 6.9 million users was compromised. Much of that data belonged to users who opted into the DNA Relatives feature, which allows users to share certain personal information with other users considered their genetic relatives.

A class-action lawsuit subsequently filed against 23andMe accused the site of failing to protect users, Reuters reported. The lawsuit also alleged that much of the stolen data belonged to Jewish and Chinese users, possibly in a targeted attack, according to the outlet.

In a statement obtained by NewsNation parent company Nexstar, 23andMe confirmed it had proposed the $30 million settlement agreement, though it had not been approved as of Monday.

“We have executed a settlement agreement for an aggregate cash payment of $30 million to settle all U.S. claims regarding the 2023 credential stuffing security incident. Counsel for the plaintiffs have filed a motion for preliminary approval of this settlement agreement with the court,” a 23andMe spokesperson wrote in an emailed statement.

“Roughly $25 million of the settlement and related legal expenses are expected to be covered by cyber insurance coverage,” the statement continued. “We continue to believe this settlement is in the best interest of 23andMe customers, and we look forward to finalizing the agreement.”

Reuters reported that 23andMe had also proposed to offer affected users three years of enrollment in an online security program in addition to the payments.

Court documents filed by 23andMe, and first cited by tech outlets including PCMag and CNET, also indicate that members of the class-action lawsuit may be eligible for payments of around $100 or possibly more, depending on the claims rate. Payments of up to $10,000 may also be made in cases of “extraordinary claims” in which victims provide evidence of losses of expenses incurred as a result of the breach, the documents say.

Users who were targeted by the breach cannot yet file a claim or apply for a payment until approval of 23andMe’s proposal. A representative for 23andMe did not say whether users would be notified of any method for filing a claim in the future.

Business

Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed

Site Settings Survey

 

MAIN AREA MIDDLE drop zone ⇩

Trending on NewsNation

AUTO TEST CUSTOM HTML 20241119133138

AUTO TEST CUSTOM HTML 20241202111905

MAIN AREA BOTTOM drop zone ⇩

tt

KC Chiefs parade shooting: 1 dead, 21 shot including 9 kids | Morning in America

Witness of Chiefs parade shooting describes suspect | Banfield

Kansas City Chiefs parade shooting: Mom of 2 dead, over 20 shot | Banfield

WWE star Ashley Massaro 'threatened' by board to keep quiet about alleged rape: Friend | Banfield

Friend of WWE star: Ashley Massaro 'spent hours' sobbing after alleged rape | Banfield

Fair

la

54°F Fair Feels like 54°
Wind
0 mph WSW
Humidity
90%
Sunrise
Sunset

Tonight

Partly cloudy this evening, then becoming foggy and damp after midnight. Low 48F. Winds light and variable.
48°F Partly cloudy this evening, then becoming foggy and damp after midnight. Low 48F. Winds light and variable.
Wind
2 mph NNW
Precip
10%
Sunset
Moon Phase
Waxing Crescent