23andMe to pay $30 million in data breach settlement
The breach, lasting five months, compromised nearly half of 23andMe’s customer data.
American personal genomics and biotechnology company 23andMe has agreed to a $30 million settlement after a data breach exposed the personal information of 6.9 million users. The breach, which occurred last year, compromised sensitive data, including DNA Relatives profiles and Family Tree information. Affected users will receive financial compensation and three years of security monitoring under the Privacy & Medical Shield + Genetic Monitoring program.
The lawsuit also accused 23andMe of failing to inform customers of Chinese and Ashkenazi Jewish descent that they were specifically targeted in the breach. The stolen information was later found for sale on the dark web. A federal judge must now approve the proposed settlement, which the company considers fair and beneficial for its users.
Despite its financial challenges, the company expects to cover $25 million of the settlement with cyber insurance. The breach, which began in April 2023 and lasted five months, affected nearly half of the company’s 14.1 million customers at the time. 23andMe disclosed the incident in an October 2023 blog post.
The company, led by co-founder Anne Wojcicki, is also facing financial difficulties. It posted a significant quarterly loss and has been attempting to go private. Shares of 23andMe have been trading below $1 since December 2023, a sharp drop from its original public offering price.