Reuters reported Friday that genetics testing company 23andMe has agreed to pay a $30 million settlement after a hack exposed 6.9 million customers’ personal information to the dark web. The company will also pay for three years of security monitoring for affected customers.
The class action lawsuit alleged that 23andMe failed to alert customers with Ashkenazi Jewish and Chinese ancestry that their personal data was posted for sale and that they may have been specially targeted in the April 2023 breach.
Related: 23andMe Hackers Selling Stolen User Data, Including DNA Profiles of ‘Celebrities,’ on Dark Web
23andMe said the settlement was “fair, adequate, and reasonable” in a court filing, per Reuters.
In a Dec. 2023 blog post addressing the hack, the company said the attack started in April 2023 and lasted about five months. At the time, 23andMe had around 14.1 million customers in its system. The company said the hack affected at least half of the database.
Who is eligible to claim money?
According to court documents, affected users can claim anywhere from $100 up to $10,000 for the most “extraordinary” cases. If the settlement gets final approval, instructions will be provided on how to file for reimbursement.
Customers in Alaska, California, Illinois, and Oregon are subject to “genetic privacy laws with statutory damages provisions” and can only claim $100, per PCMag.
Read the full article here
