/cdn.vox-cdn.com/uploads/chorus_asset/file/25619564/1230927570.jpg?w=696&resize=696,0&ssl=1 "23andMe settles lawsuit with million payout")
The Impact of 23andMe Data Breach and Subsequent Settlement
23andMe disclosed the data breach last October, but it didn’t confirm the overall impact until December. Customers using the DNA Relatives feature may have had information like names, birth years, and ancestry information exposed through the breach. At the time, 23andMe attributed the hack to credential stuffing, a tactic that involves logging in to accounts using recycled logins exposed in previous security breaches.
The Fallout from the Data Breach
The breach dealt a big blow to the already struggling company. As 23andMe’s stock price continued to crater, 23andMe CEO Anne Wojcicki attempted to take the company private earlier this year, but the special committee rejected the offer last month. The settlement mentions concerns surrounding the company’s finances, saying, “Any litigated judgment significantly more than the Settlement is likely to be uncollectable.” In a statement to The Verge, 23andMe spokesperson Katie Watson said the company expects cyber insurance to cover $25 million of the settlement:
We have executed a settlement agreement for an aggregate cash payment of $30 million to settle all U.S. claims regarding the 2023 credential stuffing security incident. Counsel for the plaintiffs have filed a motion for preliminary approval of this settlement agreement with the court. Roughly $25 million of the settlement and related legal expenses are expected to be covered by cyber insurance coverage. We continue to believe this settlement is in the best interest of 23andMe customers, and we look forward to finalizing the agreement.
The Future of 23andMe
The proposed settlement still needs approval from the judge.
FAQs About the 23andMe Data Breach
Q: What information was exposed in the data breach?
A: Names, birth years, and ancestry information of customers using the DNA Relatives feature were exposed.
Q: How did 23andMe handle the aftermath of the breach?
A: The company disclosed the breach, attributed it to credential stuffing, and initiated a settlement to address the impact.
Q: What is the expected outcome of the settlement?
A: The $30 million settlement is expected to cover all U.S. claims related to the 2023 security incident, with cyber insurance likely covering $25 million of the total amount.
Q: What are the implications for 23andMe moving forward?
A: The fallout from the breach has led to financial concerns and a failed attempt to take the company private, highlighting challenges for the company’s future.
Credit: www.theverge.com
