Last month, 23andMe settled a $30 million class-action lawsuit after a data breach exposed the personal information of roughly half of its userbase. The San Francisco-based company announced in October 2023 that hackers had accessed customer information, but the full extent of the breach was not confirmed until December. The lawsuit was filed in January, accusing 23andMe of failing to protect its customers adequately. As part of the settlement, the company will provide up to $10,000 to qualifying customers based on the hardships they incurred and offer various security services. The independent directors of the company’s board resigned following the breach, raising concerns about the company’s ability to protect personal data.
The settlement will cover approximately 6.9 million 23andMe users who were impacted by the data breach, including those who were residents of the US on August 11, 2023. This includes 5.5 million users of the DNA Relatives profiles and 1.4 million users of the Family Tree service. Qualified users may receive up to $10,000 for “Extraordinary Claims” if they can verify hardships resulting from the breach, such as identity fraud or unreimbursed costs. Residents of specific states with genetic privacy laws may also be eligible for payments around $100. Additionally, a subset of users whose personal health information was impacted may receive $100. The settlement also includes three years of a security monitoring service called Privacy Shield for impacted users.
As of now, there is no process in place for users to apply for payments as part of the proposed settlement. Updates on the application process will be provided as they become available. The settlement aims to address the concerns raised by the data breach and provide compensation to affected users. It is essential for users to meet the criteria outlined in the settlement to be eligible for payments. Additionally, the settlement includes provisions for security monitoring services to help protect users’ information in the future. The aftermath of the data breach has highlighted the importance of companies safeguarding personal data and taking responsibility for breaches that compromise user information.
Overall, the settlement with 23andMe serves as a response to the data breach that exposed the personal information of millions of users. The company has agreed to pay $30 million and provide compensation to qualifying customers based on their hardships. Users impacted by the breach can expect to receive payments depending on the extent of the damages they suffered. The settlement also includes security monitoring services to help prevent future breaches and protect user information. It is crucial for affected users to stay informed about the settlement process and any updates regarding payments. The incident underscores the significance of data protection and the responsibility companies have in safeguarding user information from potential breaches.
