army judge
Super Moderator
DNA testing firm 23andMe has agreed to pay $30 million to settle a lawsuit after the company suffered a massive data breach last year that leaked the personal information of 6.9 million customers. According to the lawsuit, the company also failed to tell customers that hackers specifically targeted people with Chinese and Ashkenazi Jewish ancestry and sold the info on the dark web.
The preliminary settlement, filed Thursday in San Francisco federal court, must still be approved by a judge. In addition to cash payments to customers' whose data was compromised, the company will also pay for three years of security monitoring.
The company said Friday in a court filing that the settlement was "fair, adequate, and reasonable."
The breach, disclosed in October of last year, began around April 2023 and affected nearly half of the company's 14.1 million customers at the time.
The company said the hacker first breached some 14,000 accounts and was then able to gain access to 5.5 million DNA Relatives profiles, which then let them access the info of an additional 1.4 million customers via another feature.
The $30 million settlement likely won't go towards paying all the affected victims. The settlement proposes offering up to $10,000 for customers who file an "extraordinary claim" that shows they suffered financial fraud as a result of the breach. Payments for extraordinary claims are capped at $5 million.
Meanwhile, at least a quarter of the $30 million is expected to go towards attorney fees.
