23andMe settled a $30 million class-action lawsuit last month after a data breach exposed the personal information of roughly half of its 14 million users. The breach, which began in April 2023, led to distrust of the popular ancestry service as users’ data was compromised. The lawsuit accused 23andMe of not doing enough to protect its customers, particularly those with Chinese or Ashkenazi Jewish ancestry whose data was targeted and spread on the dark web. The settlement will provide up to $10,000 to qualifying customers, along with security services.
The settlement will cover approximately 6.9 million 23andMe users who were impacted by the data breach. To qualify for the settlement, users must have been residents of the US on Aug. 11, 2023. The 6.9 million affected users include those who used DNA Relatives profiles and Family Tree services on 23andMe. Those who can verify hardships resulting from the breach, such as identity fraud or tax issues, may be eligible for up to $10,000 in compensation. Residents of Alaska, California, Illinois, and Oregon with genetic privacy laws can also apply for payments, expected to be around $100.
In addition to monetary compensation, 23andMe will offer impacted users three years of a security monitoring service called Privacy Shield, which includes web and dark web monitoring. Users whose personal health information was compromised in the breach may also apply for a $100 payment. However, there is currently no way to apply for the settlement, and updates on this process will be provided as they become available. This settlement serves as a response to the breach and aims to address the concerns raised about the security of personal data on 23andMe’s platform.
Despite the settlement, the incident has raised questions about data security and privacy protection in the digital age. The data breach exposed sensitive information about millions of users, highlighting the risks associated with sharing personal data online. Companies like 23andMe must take steps to enhance their security measures and rebuild trust with their user base. The settlement serves as a way to compensate affected individuals for the hardships they experienced as a result of the breach and to provide additional security services to protect against future incidents.
The fallout from the 23andMe data breach has also led to changes within the company, with the resignation of independent directors from the board. This incident serves as a reminder of the importance of data protection and the need for companies to prioritize cybersecurity. As technology continues to advance and more personal data is shared online, it is crucial for businesses to invest in robust security measures to safeguard user information. The settlement represents a step towards accountability and compensation for those affected by the breach, as well as a commitment to improving data security practices in the future.
