Current:Home > Contact-us23andMe agrees to $30 million settlement over data breach that affected 6.9 million users-Angel Dreamer Wealth Society D1 Reviews & Insights
23andMe agrees to $30 million settlement over data breach that affected 6.9 million users
View Date:2024-12-23 16:32:24
Ancestry and genetics-testing company 23andMe has agreed to pay a $30 million settlement after a class-action lawsuit was brought against the company for last year's data breach.
The settlement, which is pending a judge's approval, comes after the company confirmed in October that "threat actors" used about 14,000 accounts, approximately 0.1% of the company's user base, to access the ancestry data of 6.9 million connected profiles. Leaked data included users' account information, location, ancestry reports, DNA matches, family names, profile pictures, birthdates and more.
While 23andMe confirmed the existence of the breach in October, it did not reveal the full extent of the issue until December. A class-action suit was filed in San Francisco the following month, accusing 23andMe of failure to amply protect users' personal information. It also accused 23andMe of neglecting to notify certain users that data from people with Chinese or Ashkenazi Jewish heritage appeared to be targeted in the breach.
Here's what to know about the breach and the class-action suit.
Class-action lawsuit
The class-action lawsuit filed in January accuses 23andMe of inadequately protecting user data and failing to notify affected parties in time, among other complaints.
Terms of the settlement include payment to those affected by the security incident to cover expenses like those incurred fighting identity theft, installing physical security systems, or seeking mental health treatment; payments to those living in states with genetic privacy laws; payments to all those who had health information leaked; and three years of access to state of the art "Privacy & Medical Shield + Genetic Monitoring" for all settlement members who enroll.
The company admitted to no wrongdoing as part of the agreement to pay $30 million to affected parties.
As of Monday, a judge still has to approve the deal. If approved, more information will be released for affected parties looking to get in on the legal action.
"We have executed a settlement agreement for an aggregate cash payment of $30 million to settle all U.S. claims regarding the 2023 credential stuffing security incident," 23andMe told USA TODAY in a statement. "We continue to believe this settlement is in the best interest of 23andMe customers, and we look forward to finalizing the agreement."
The company also said that roughly $25 million of the settlement and related legal expenses are expected to be covered by cyber insurance coverage.
23andMe data breach
In October, 23andMe said via its website that an outside entity had stolen information from customers using its DNA Relatives feature. The company temporarily disabled the service, saying it believed "threat actors" had gained access using a technique called credential stuffing, in which they used usernames and passwords that had already been exposed via other websites' data breaches or otherwise became available.
“We believe threat actors were able to access certain accounts in instances where users recycled login credentials – that is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously hacked,” 23andMe wrote on its website at the time.
In December, 23andMe revealed the extent of the breach, saying ancestry data of 6.9 million people had been affected, 5.5 million of whom were users who opted into 23andMe's "Relatives" feature, which links people with common DNA. Another 1.4 million users also had their family tree information accessed.
"We do not have any indication that there has been a breach or data security incident within our systems, or that 23andMe was the source of the account credentials used in these attacks," a company spokesperson said in an email at the time.
What was exposed in the data breach?
The accessed data contained personal and family information according to the company, including:
DNA relatives' profile information
- Display name
- How recently they logged into their account
- Their relationship labels
- Their predicted relationship and percentage DNA shared with their DNA Relatives matches
- Their ancestry reports and matching DNA segments, specifically where on their chromosomes they and their relative had matching DNA
- Self-reported location (city/zip code)
- Ancestor birth locations and family names
- Profile picture, birth year
- A weblink to a family tree they created, and anything else they may have included in the “Introduce yourself” section of the profile
Family tree information
- Display name
- Relationship labels
- Birth year
- Self-reported location (city/zip code)
Contributing: Amaris Encinas and James Powel, USA TODAY
veryGood! (344)
Related
- Song Jae-lim, Moon Embracing the Sun Actor, Dead at 39
- Snorkeler survives crocodile attack by prying its jaws off of his head
- Vanderpump Rules' Raquel Leviss' Restraining Order Against Scheana Shay Officially Dropped
- Why the water in Venice's Grand Canal turned fluorescent green
- Denver district attorney is investigating the leak of voting passwords in Colorado
- Jewish Matchmaking: Get a First Look at Your New Netflix Obsession
- 90 Day Fiancé Sneak Peek: Jen Says She's Disgusted After Rishi Sends Shirtless Pic to a Catfish
- Prince Harry, in U.K. court for phone hacking trial, blasts utterly vile actions of British tabloids
- RHOBH's Erika Jayne Reveals Which Team She's on Amid Kyle Richards, Dorit Kemsley Feud
- First Daughter Ashley Biden Reveals Her Mantra For Dealing with Criticism of Her Family
Ranking
- Taylor Swift Becomes Auntie Tay In Sweet Photo With Fellow Chiefs WAG Chariah Gordon's Daughter
- Amanda Kloots Recalls Dropping Nick Cordero Off at Hospital Nearly 3 Years After His Death
- Austin Butler Proves He’s Keeping Elvis Close on Sweet Outing With Kaia Gerber
- Your First Look at Summer House's All-Black Spinoff Martha's Vineyard
- More than 150 pronghorns hit, killed on Colorado roads as animals sought shelter from snow
- Ulta 24-Hour Flash Sale: Take 50% Off First Aid Beauty, Tula, Morphe, Bobbi Brown, and It Cosmetics
- Gwyneth Paltrow Speaks Out After Court Victory in Ski Crash Case
- Joran van der Sloot, Natalee Holloway murder suspect, severely beaten in Peru prison, lawyer says
Recommendation
-
Quincy Jones laid to rest at private family funeral in Los Angeles
-
Most-Shopped Celeb-Recommended Items This Month: Drew Barrymore, Sydney Sweeney, Lala Kent, and More
-
Debate over possible Putin visit heats up in South Africa amid U.S. concern over BRICS intentions
-
Why Women Everywhere Love Dani Marie's Sustainable, Plus-Sized Fashion
-
Elon Musk says 'SNL' is 'so mad' Trump won as he slams Dana Carvey's impression
-
Switzerland was Tina Turner's longtime home. Why did the star leave the U.S.?
-
20 Egg-Cellent Easter Basket Gifts That Aren't Candy
-
A Japanese lunar lander crashed into the moon. NASA just found the evidence.