23andMe Agrees to $30 Million Settlement Over Data Breach Impacting 6.9 Million Customers

 

23andMe has agreed to pay $30 million and provide three years of security monitoring as part of a settlement to resolve a lawsuit alleging the genetics testing company failed to safeguard the personal data of 6.9 million customers compromised in a data breach last year.
The settlement also addresses claims that 23andMe did not inform customers of Chinese and Ashkenazi Jewish descent that they were specifically targeted by the hacker, who allegedly sold their data on the dark web.
Filed late Thursday in a federal court in San Francisco, the proposed class action settlement awaits approval from a judge. It includes financial compensation for affected customers and offers enrollment in the Privacy & Medical Shield + Genetic Monitoring program for three years.
In a court filing on Friday, 23andMe described the settlement as fair and reasonable. The company also requested the suspension of arbitration cases initiated by tens of thousands of class members until the settlement is approved or they opt out.
The company stated the settlement serves its customers’ best interests, with $25 million of the settlement likely to be covered by cyber insurance.
The breach, which occurred between April and September 2023, impacted nearly half of 23andMe’s 14.1 million custom

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: