Excerpt from CNET Article, Published on Oct 15, 2024.
In a major fallout from the April 2023 data breach, 23andMe, the popular genetic testing service, has agreed to settle a $30 million class-action lawsuit, potentially paying individual victims as much as $10,000. This settlement addresses the breach that exposed the personal information of 6.9 million users, nearly half of the company’s customer base.
The breach, initially confirmed in October 2023, became worse than initially reported, revealing that sensitive user data had been compromised for months. The lawsuit, filed in January 2024, claims 23andMe failed to adequately protect user information, particularly targeting customers of Chinese and Ashkenazi Jewish ancestry, whose data was found circulating on the dark web.
The settlement, pending court approval, could provide significant compensation for affected customers. Those who can demonstrate they incurred specific hardships, such as identity theft or financial losses, are eligible to claim up to $10,000. Affected residents in states with strong genetic privacy laws—Alaska, California, Illinois, and Oregon—may also receive around $100 as part of the settlement.
In addition to the cash compensation, 23andMe will offer three years of Privacy Shield, a service providing dark web and online monitoring, to further safeguard user information.
The breach has stirred distrust among users, leading to the resignation of independent board members and raising concerns about 23andMe’s ability to safeguard personal genetic data moving forward. The company, however, maintains that this settlement is in the best interest of its users.
At this time, there is no process for submitting claims, but updates are expected soon. With the settlement serving as a major milestone, many users are left questioning how safe their data really is in the age of personal genomics.
To delve deeper into this topic, please read the full article on CNET.
