Skip to main content
U.S.

23andMe agrees to $30 million settlement after major data breach

Share

This report was created with support from enhanced software.


Genetic testing company 23andMe has agreed to a $30 million settlement after a data breach exposed the personal information of approximately 6.9 million customers. The breach, which went undetected for five months, compromised users’ names, birth years, genders, ancestry reports, and raw genotype data, with hackers specifically focusing on customers of Chinese and Ashkenazi Jewish descent.

Media Landscape

See who else is reporting on this story and which side of the political spectrum they lean. To read other sources, click on the plus signs below. Learn more about this data
Left 21% Center 43% Right 36%
Bias Distribution Powered by Ground News

U.S. intelligence agencies recently identified foreign actors, particularly Russia and China, as key perpetrators behind multiple sophisticated cyber threats targeting critical infrastructure and personal information in the United States.

The hacker has only been identified as “Golem,” and shared victims’ personal information on an online forum used by cybercriminals, The New York Times reported.

QR code for SAN app download

Download the SAN app today to stay up-to-date with Unbiased. Straight Facts™.

Point phone camera here

As a part of the settlement, 23andMe will compensate affected customers and provide free access to a security monitoring program for three years. The company expects cyber insurance to cover $25 million of the $30 million total settlement.

23andMe said it will conduct annual cybersecurity audits and maintain a dedicated data breach incident response plan. The company is also ceasing to store personal information for inactive or deactivated accounts to minimize data retention risks.

The genetic testing company denies any wrongdoing and the settlement is still pending approval by a judge.

Tags: , , , , , ,

LAUREN TAYLOR: GENETIC TESTING COMPANY, 23ANDME, HAS AGREED TO A $30 MILLION SETTLEMENT FOLLOWING A DATA BREACH THAT EXPOSED PERSONAL INFORMATION OF APPROXIMATELY 6.9 MILLION CUSTOMERS.

THE BREACH, WHICH WENT UNDETECTED FOR FIVE MONTHS, COMPROMISED
USERS’ NAMES, BIRTH YEARS, GENDERS, ANCESTRY REPORTS, AND RAW GENOTYPE DATA, WITH HACKERS SPECIFICALLY FOCUSING ON CUSTOMERS OF CHINESE AND ASHKENAZI JEWISH DESCENT.

U.S. INTELLIGENCE AGENCIES RECENTLY IDENTIFIED FOREIGN ACTORS, PARTICULARLY RUSSIA AND CHINA, AS KEY PERPETRATORS BEHIND MULTIPLE SOPHISTICATED CYBER THREATS TARGETING CRITICAL INFRASTRUCTURE AND PERSONAL INFORMATION IN THE UNITED STATES.

THE HACKER HAS ONLY BEEN IDENTIFIED AS “GOLEM” – AND SHARED VICTIMS PERSONAL INFORMATION ON AN ONLINE FORUM USED BY CYBERCRIMINALS, THE NEW YORK TIMES REPORTED.

AS A PART OF THE SETTLEMENT, 23ANDME WILL COMPENSATE AFFECTED CUSTOMERS AND PROVIDE FREE ACCESS TO A SECURITY MONITORING PROGRAM FOR THREE YEARS.

THE COMPANY EXPECTS CYBER INSURANCE TO COVER $25 MILLION OF THE $30 MILLION TOTAL SETTLEMENT.

23ANDME SAYS IT WILL CONDUCT ANNUAL CYBERSECURITY AUDITS AND MAINTAIN A DEDICATED DATA BREACH INCIDENT RESPONSE PLAN.

23ANDME IS CEASING TO STORE PERSONAL INFORMATION FOR INACTIVE OR DEACTIVATED ACCOUNTS TO MINIMIZE DATA RETENTION RISKS.

THE GENETIC TESTING COMPANY DENIES ANY WRONGDOING AND THE SETTLEMENT IS STILL PENDING APPROVAL BY A JUDGE.