23andMe is close to settling a proposed class-action lawsuit filed against the company over a data breach that compromised the information of 6.9 million users. According to the original request, the DNA testing company agreed to pay $30 million to affected customers, as well as to perform computer scans and cybersecurity tests for three years. A website will be created to inform people who are eligible for a share of the settlement fund and to facilitate payments. Affected users will also be sent a link where they can remove all of their information from the service, and will be able to sign up for a free three-year Privacy & Medical Shield + Genetic Monitoring Plan. A judge still has to approve those terms.
In October 2023, the company admitted that the DNA Relatives information of approximately 5.5 million customers and the Family Tree profile information of 1.4 million DNA Relative participants were leaked. It was later revealed in an official filing that bad actors began hacking into customer accounts in late April 2023 and that they had access to their systems until September of that year. It said the hackers used a technique called credential stuffing, which uses previously compromised credentials to gain access to customer accounts.
The breach has led to several class-action lawsuits against the companies, including one that accuses 23andMe of failing to inform plaintiffs that they were specifically targeted to those of Chinese and Ashkenazi Jewish heritage. In the payment agreement [PDF] in the consolidated lawsuit, 23andMe noted that it “denies the claims and allegations set forth in the Complaint” and “denies that it has failed to adequately protect the Personal Information of its consumers and users.”
In accordance with Reuters23andMe describes its financial situation as “extremely uncertain.” In its financial report for the 2024 fiscal year, it revealed that it earned $220 million, down 27 percent from $299 million in revenue a year earlier. The bulk of the payout will come from cyber insurance, which the company expects to cover $25 million of the $30 million total.
Source link
