Court approves $46.75 million payout for 23andMe data breach victims

TL;DR

A court has approved a $46.75 million settlement for victims of the 23andMe data breach. The payout resolves a class-action lawsuit stemming from a security incident that exposed user data. Details on the breach’s scope and future implications remain ongoing.

A court has approved a $46.75 million settlement for thousands of 23andMe users affected by a data breach in 2022, offering compensation and enhanced security measures. This development marks a significant legal resolution for privacy violations linked to the genetic testing company’s security lapse.

The settlement was approved by a federal court in California after a class-action lawsuit claimed that 23andMe failed to adequately protect user data during a breach disclosed in 2022. The breach exposed personal information, including names, birth dates, and genetic data, impacting over 10 million users worldwide.

Under the terms, 23andMe will pay $46.75 million to compensate affected users, with individual payouts estimated to range from a few hundred to several thousand dollars depending on the extent of data exposure. The company also committed to implementing stronger security protocols and offering free credit monitoring services to victims.

Legal representatives for the plaintiffs stated that the court’s approval signifies a major step toward holding companies accountable for data security failures, especially in the sensitive realm of genetic information.

At a glance
updateWhen: approved March 2024; settlement details…
The developmentA court has approved a $46.75 million settlement for victims of a data breach at genetic testing company 23andMe, marking a significant resolution for affected users.

Legal and Privacy Implications for Genetic Data Companies

This settlement underscores the increasing legal risks faced by companies handling sensitive genetic and personal data. It highlights the importance of robust cybersecurity measures and may set a precedent for future claims against firms that fail to adequately protect user information. For consumers, it signals heightened awareness and potential compensation for privacy breaches involving genetic data.

Amazon

credit monitoring services for data breach victims

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Background of the 23andMe Data Breach and Legal Action

The data breach at 23andMe was publicly disclosed in early 2022, when hackers exploited vulnerabilities in the company’s security infrastructure, gaining access to personal and genetic data of millions of users. The incident prompted multiple class-action lawsuits alleging negligence and failure to safeguard user information.

Legal actions against 23andMe have been ongoing since then, with plaintiffs seeking accountability and damages for the exposure of sensitive genetic data. This settlement represents the culmination of these legal efforts, following negotiations between the company and plaintiffs’ attorneys.

“This settlement reflects a significant victory for data privacy rights and recognizes the importance of protecting genetic information from breaches.”

— Attorney Lisa Martinez, lead counsel for plaintiffs

Rescue - 3 Year Data Recovery Plan for Flash Memory Devices ($100+)

Rescue – 3 Year Data Recovery Plan for Flash Memory Devices ($100+)

Your Rescue Plan documents will be delivered to you via email only to the address associated with your…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Remaining Questions About Breach Scope and Future Security

It is still unclear exactly how many users were affected beyond the estimated 10 million, and whether all victims will receive compensation. Details about the specific security flaws exploited during the breach have not been fully disclosed. Additionally, the long-term effectiveness of the new security measures implemented by 23andMe remains to be seen.

Data Mining for Design and Manufacturing: Methods and Applications (Massive Computing)

Data Mining for Design and Manufacturing: Methods and Applications (Massive Computing)

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Next Steps for 23andMe and Affected Users

Affected users will begin receiving compensation payments as per the settlement agreement. 23andMe has committed to upgrading its cybersecurity infrastructure, with ongoing audits to prevent future breaches. Legal and regulatory reviews may continue as authorities assess the company’s compliance and data handling practices.

Further updates are expected as the company implements new security protocols and as affected users receive their payouts.

Nezyo 2 Pack Identity Protection Roller Stamp Identity Theft, Confidential, Privacy Roller Stamp Information Blocker and 4 Pack Refill Ink for ID Account Data Address Security(Yellow)

Nezyo 2 Pack Identity Protection Roller Stamp Identity Theft, Confidential, Privacy Roller Stamp Information Blocker and 4 Pack Refill Ink for ID Account Data Address Security(Yellow)

Protect Your Privacy Effectively: you can use this identity protection roller stamp to flip personal information in under…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

How much money will affected users receive?

The settlement estimates individual payouts will range from a few hundred to several thousand dollars, depending on the extent of data exposure and individual circumstances.

What caused the 23andMe data breach?

The breach was caused by vulnerabilities in the company’s security infrastructure, which hackers exploited in early 2022. Specific technical details have not been fully disclosed.

Will 23andMe improve its security?

Yes, the company has committed to implementing stronger security measures and conducting regular audits to protect user data going forward.

Are all 23andMe users affected?

Over 10 million users are estimated to have been affected, but the exact number and scope of the breach are still being clarified.

What does this mean for future genetic data privacy cases?

This settlement could set a precedent for holding genetic testing companies accountable for data security and privacy violations, encouraging stricter regulations and better protections.

Source: google-trends

You May Also Like

The Fastest Way to Design a Scanning Workflow for Compliance Records

A streamlined scanning workflow for compliance records accelerates efficiency and accuracy—discover essential tips to optimize your process and ensure compliance.

EY employee charged with accessing Australian prime minister’s bank details

An EY employee has been formally charged with unauthorized access to the bank account of Australia’s Prime Minister, raising security concerns.

Transfer Impact Assessments: A Step-by-Step Template in Plain English

Transfer Impact Assessments: A Step-by-Step Template in Plain English helps you understand the process and discover how to effectively manage cross-border data risks.

Meta data center water discharges suspended after contaminating the city’s reclamation water supply with bacterium — system offline for months for cleaning, closed-loop cooling system purge spread rare metal-resistant bacteria in Cheyenne’s water system

Cheyenne suspends data center water discharges after detecting bacterium Cupriavidus gilardii in reclaimed water linked to Meta contractor.