Current:Home > Scams23andMe agrees to $30 million settlement over data breach that affected 6.9 million users-DB Wealth Institute B2 Reviews & Ratings
23andMe agrees to $30 million settlement over data breach that affected 6.9 million users
lotradecoin futures trading platform View Date:2024-12-25 14:31:10
Ancestry and genetics-testing company 23andMe has agreed to pay a $30 million settlement after a class-action lawsuit was brought against the company for last year's data breach.
The settlement, which is pending a judge's approval, comes after the company confirmed in October that "threat actors" used about 14,000 accounts, approximately 0.1% of the company's user base, to access the ancestry data of 6.9 million connected profiles. Leaked data included users' account information, location, ancestry reports, DNA matches, family names, profile pictures, birthdates and more.
While 23andMe confirmed the existence of the breach in October, it did not reveal the full extent of the issue until December. A class-action suit was filed in San Francisco the following month, accusing 23andMe of failure to amply protect users' personal information. It also accused 23andMe of neglecting to notify certain users that data from people with Chinese or Ashkenazi Jewish heritage appeared to be targeted in the breach.
Here's what to know about the breach and the class-action suit.
Class-action lawsuit
The class-action lawsuit filed in January accuses 23andMe of inadequately protecting user data and failing to notify affected parties in time, among other complaints.
Terms of the settlement include payment to those affected by the security incident to cover expenses like those incurred fighting identity theft, installing physical security systems, or seeking mental health treatment; payments to those living in states with genetic privacy laws; payments to all those who had health information leaked; and three years of access to state of the art "Privacy & Medical Shield + Genetic Monitoring" for all settlement members who enroll.
The company admitted to no wrongdoing as part of the agreement to pay $30 million to affected parties.
As of Monday, a judge still has to approve the deal. If approved, more information will be released for affected parties looking to get in on the legal action.
"We have executed a settlement agreement for an aggregate cash payment of $30 million to settle all U.S. claims regarding the 2023 credential stuffing security incident," 23andMe told USA TODAY in a statement. "We continue to believe this settlement is in the best interest of 23andMe customers, and we look forward to finalizing the agreement."
The company also said that roughly $25 million of the settlement and related legal expenses are expected to be covered by cyber insurance coverage.
23andMe data breach
In October, 23andMe said via its website that an outside entity had stolen information from customers using its DNA Relatives feature. The company temporarily disabled the service, saying it believed "threat actors" had gained access using a technique called credential stuffing, in which they used usernames and passwords that had already been exposed via other websites' data breaches or otherwise became available.
“We believe threat actors were able to access certain accounts in instances where users recycled login credentials – that is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously hacked,” 23andMe wrote on its website at the time.
In December, 23andMe revealed the extent of the breach, saying ancestry data of 6.9 million people had been affected, 5.5 million of whom were users who opted into 23andMe's "Relatives" feature, which links people with common DNA. Another 1.4 million users also had their family tree information accessed.
"We do not have any indication that there has been a breach or data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks," a company spokesperson said in an email at the time.
What was exposed in the data breach?
The accessed data contained personal and family information according to the company, including:
DNA relatives' profile information
- Display name
- How recently they logged into their account
- Their relationship labels
- Their predicted relationship and percentage DNA shared with their DNA Relatives matches
- Their ancestry reports and matching DNA segments, specifically where on their chromosomes they and their relative had matching DNA
- Self-reported location (city/zip code)
- Ancestor birth locations and family names
- Profile picture, birth year
- A weblink to a family tree they created, and anything else they may have included in the “Introduce yourself” section of the profile
Family tree information
- Display name
- Relationship labels
- Birth year
- Self-reported location (city/zip code)
Contributing: Amaris Encinas and James Powel, USA TODAY
veryGood! (17)
Related
- 'Love Island UK' stars Molly-Mae Hague, Tommy Fury announce split after 5 years
- California Gov. Gavin Newsom signs bills to enhance the state’s protections for LGBTQ+ people
- Woman arrested after 55 dogs are removed from animal rescue home and 5 dead puppies found in freezer
- Horoscopes Today, September 23, 2023
- A stowaway groundhog is elevated to local icon
- US border agency chief meets with authorities in Mexico over migrant surge
- Former President Jimmy Carter makes appearance at peanut festival ahead of his 99th birthday
- William Byron withstands Texas chaos to clinch berth in Round of 8 of NASCAR playoffs
- Biden to designate 1908 Springfield race riot site as national monument
- Usher to headline the 2024 Super Bowl halftime show in Las Vegas
Ranking
- Police identify suspect in break-in of Trump campaign office in Virginia
- Yes, empty-nest syndrome is real. Why does sending my kid to college make me want to cry?
- A mayoral race in a small city highlights the rise of Germany’s far-right AfD party
- Hollywood writers reach a tentative deal with studios after nearly five month strike
- Conservative are pushing a ‘parental rights’ agenda in Florida school board races. But will it work?
- Student loan borrowers face plenty of questions, budget woes, as October bills arrive
- Alabama State football suspends player indefinitely for striking security guard after loss
- Canadian autoworkers ratify new labor agreement with Ford
Recommendation
-
The Notebook Actress Gena Rowlands Dead at 94
-
WEOWNCOIN: The Security of Cryptocurrency and Digital Identity Verification
-
When does 'The Voice' Season 24 start? Premiere date, how to watch, judges and more
-
High-speed rail was touted as a game-changer in Britain. Costs are making the government think twice
-
Collin Gosselin claims he was discharged from Marines due to institutionalization by mom Kate
-
Breakers Dominika Banevič and Victor Montalvo qualify for next year’s Paris Olympics
-
Inside Kourtney Kardashian and Travis Barker's Disney-Themed Baby Shower
-
Ideological rifts among U.S. bishops are in the spotlight ahead of momentous Vatican meeting