{"id":25205,"date":"2024-09-16T06:10:14","date_gmt":"2024-09-16T14:10:14","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/09\/16\/news-18935\/"},"modified":"2024-09-16T06:10:14","modified_gmt":"2024-09-16T14:10:14","slug":"news-18935","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/09\/16\/news-18935\/","title":{"rendered":"23andMe to pay $30 million in settlement over 2023 data breach"},"content":{"rendered":"\n

Genetic testing company 23andMe will pay $30 million<\/a> to settle a class action lawsuit over a 2023 data breach which ended in some customers having information like names, birth years, and ancestry information exposed.<\/p>\n

In October 2023, we reported<\/a> on how information belonging to as many as seven million 23andMe customers turned up for sale on criminal forums following a credential stuffing attack against 23andMe.<\/p>\n

23andMe said that cybercriminals had stolen profile information that users had shared through its DNA Relatives feature, an optional service that lets customers find and connect with genetic relatives.<\/p>\n

In December 2023, 23andMe admitted that some genetic and health data might have been accessed<\/a> during that breach. To dodge responsibility, the company wrote a letter to legal representatives of those affected by the breach, laying the blame at the feet of victims<\/a> themselves.<\/p>\n

23andMe also neglected to tell customers with Chinese and Ashkenazi Jewish ancestry that the cybercriminal appeared to have specifically targeted them, posting their information for sale on the dark web<\/a>.<\/p>\n

In January 2024, customers filed a class action lawsuit against 23andMe<\/a> in a San Francisco court, alleging the company failed to protect their privacy. The result of that lawsuit is the settlement.<\/p>\n

What immediately jumped out in the settlement is the title of one of the chapters:<\/p>\n

\n

\u201cTHE SETTLEMENT IS THE RESULT OF ZEALOUS ADVOCACY AND SKILLFUL NEGOTIATION\u201d<\/p>\n<\/blockquote>\n

What does that mean? Well, the $30 million is apparently all that 23andMe can afford to pay. And that’s only because the expectation is that cyberinsurance will cover $25 million.<\/p>\n

The market value of the company has plummeted, and revenue declined. This decline had already set in prior to the incident, but it definitely didn\u2019t help to improve the situation.<\/p>\n

The court has not yet approved the settlement, but it’s expected that 23andMe will pay $30 million into a fund for customers whose data was compromised, as well as provide them with identity and genetic monitoring.<\/p>\n

Other countries, like Canada and the UK have announced they will undertake a joint investigation into the data breach.<\/p>\n

According to Malwarebytes\u2019 data, over 3 million people were affected by the data breach, so none of the victims should expect to get rich because of this settlement.<\/p>\n

On the dark web, the data is offered for sale in three separate data sets. A general set that includes 2,763,569 records, one belonging to Ashkenazi-based users (835,708 records), and one allegedly belonging to China-based users of 23andMe (68,541 records).<\/p>\n

Check your digital footprint<\/h2>\n

If you want to find out if your personal data was exposed through this breach, you can use our free Digital Footprint scan<\/a>. Fill in the email address you\u2019re curious about (it\u2019s best to submit the one you used to register and 23andMe) and we\u2019ll send you a free report.<\/p>\n

\n
\n
\n

<\/a>SCAN NOW<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n

\n

We don’t just report on threats – we help safeguard your entire digital identit<\/strong>y<\/p>\n

Cybersecurity risks should never spread beyond a headline. Protect your\u2014and your family’s\u2014personal information by using identity protection<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Genetic testing company 23andMe will pay $30 million over a 2023 data breach which ended in millions of customers having data exposed. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[20260,32,5897,31915,15293],"class_list":["post-25205","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-23andme","tag-news","tag-privacy","tag-privacy-and-mediacl-shield-genetic-monitoring","tag-settlement"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25205"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25205\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25205"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}