"23andMe settles data breach lawsuit for $30 million" September 13 2024

23andMe will pay $30 million and provide three years of security monitoring to settle a lawsuit accusing the genetics testing company of failing to protect the privacy of 6.9 million customers whose personal information was exposed in a data breach last year.

The accord also resolves accusations that 23andMe did not tell customers with Chinese and Ashkenazi Jewish ancestry that the hacker appeared to have specifically targeted them, and posted their information for sale on the dark web.

It includes cash payments for customers whose data was compromised, and lets customers enroll for three years in a program known as Privacy & Medical Shield + Genetic Monitoring.

In a Friday court filing, 23andMe called the settlement fair, adequate and reasonable.

In a statement, 23andMe said it believes the settlement is in its customers' best interest. It also expects about $25 million of the cost to be covered by cyber insurance coverage.

Lawyers for the plaintiffs said the settlement addressed their clients' main claims, and reflected significant risks of further litigation given 23andMe's "dire" finances.