Get updates delivered to you daily. Free and customizable.
The US Sun
Customers using 23andMe can get payment from $30 million data breach settlement – but the dates will affect the amount
By Amanda Castro,
6 hours ago
GENETIC testing giant 23andMe has agreed to a $30 million settlement following a class action lawsuit stemming from a data breach in 2023.
This breach, which exposed the personal data of millions of customers, led to accusations that the company failed to protect user information adequately and delayed notifying its customers about the incident.
Despite agreeing to the settlement, 23andMe has denied any wrongdoing, stating that the decision to settle was made in the best interest of its customers.
A spokesperson from the company said, per Fox Business, “We continue to believe this settlement is in the best interest of 23andMe customers, and we look forward to finalizing the agreement.”
The settlement amount includes around $25 million covered by the company’s cyber insurance.
However, the deal still awaits final approval from a judge before payments can be distributed to affected customers.
HOW IT UNFOLDED
The breach became public in October 2023 when reports surfaced that customer information from 23andMe had appeared for sale on the dark web.
Hackers reportedly accessed names, birth years, genders, and ancestry details, among other non-DNA information.
By December, 23andMe confirmed that personal data from about 6.9 million users, almost half of its customer base, had been compromised.
The breach occurred due to a cyberattack technique called “credential stuffing.”
With this method, hackers use usernames and passwords from previous data breaches to access accounts.
In this case, customers who reused the same login credentials across multiple platforms were particularly vulnerable.
KEY DETAILS
For 23andMe users, the timing of the breach will influence their eligibility for payouts.
Customers who were impacted by the data breach between October and December 2023 could be eligible for compensation once the settlement is finalized.
Still, specifics around individual payout amounts have not yet been disclosed.
We have executed a settlement agreement for an aggregate cash payment of $30 million to settle all U.S. claims regarding the 2023 credential stuffing security incident. Counsel for the plaintiffs have filed a motion for preliminary approval of this settlement agreement with the court. Roughly $25 million of the settlement and related legal expenses are expected to be covered by cyber insurance coverage. We continue to believe this settlement is in the best interest of 23andMe customers, and we look forward to finalizing the agreement.
While the judge’s approval is still pending, impacted customers should monitor updates to determine if they qualify for a share of the settlement.
Those affected are advised to stay vigilant about any official notices from 23andMe regarding claim submissions and payment timelines.
The U.S. Sun has reached out to 23andMe for comment.
If this settlement is not of interest, there are several others that Americans can benefit from.
Home Depot is set to pay a $2 million settlement after overcharging customers.
Plus, a filing settlement has three ways for taxpayers to claim cash from a $14.96 million settlement.
let's do the math 30 mill for millions, can't wait for my 10 dollar check. and your info is out there forever
sunny
2h ago
I purchased the kit in like september, but I sent in my kit nov 2023 got my results at the end of nov or very beginning of Dec. are those people included? This is the first I’m hearing about this, 23 and me didn’t send me anything.
Get updates delivered to you daily. Free and customizable.
It’s essential to note our commitment to transparency:
Our Terms of Use acknowledge that our services may not always be error-free, and our Community Standards emphasize our discretion in enforcing policies. As a platform hosting over 100,000 pieces of content published daily, we cannot pre-vet content, but we strive to foster a dynamic environment for free expression and robust discourse through safety guardrails of human and AI moderation.