A Deep Dive into the $30 Million Settlement Following a Major Data Leak
Nearly 7 million 23andMe customers had their personal information exposed in a significant data breach. This led to a class-action lawsuit, resulting in a proposed $30 million settlement that could see affected individuals receive payouts of up to $10,000.
The 23andMe Data Breach and the Lawsuit
In October 2023, 23andMe disclosed a data breach that originated in April 2023. The full extent of the breach wasn’t revealed until December, revealing that approximately half of their 14 million users – roughly 6.9 million individuals – had their personal information compromised. This included details from users of both DNA Relatives profiles (5.5 million) and Family Tree (1.4 million) services.
The breach prompted a class-action lawsuit filed in January 2024, accusing 23andMe of failing to adequately protect user data and specifically highlighting the targeting of users with Chinese or Ashkenazi Jewish ancestry, whose data was allegedly spread on the dark web. The lawsuit claimed 23andMe did not adequately notify these affected customers.
A 23andMe spokesperson stated, “We have executed a settlement agreement for an aggregate cash payment of $30 million to settle all US claims regarding the 2023 credential stuffing security incident. We continue to believe this settlement is in the best interest of 23andMe customers, and we look forward to finalizing the agreement.”
Who is Eligible for the 23andMe’s Data Breach Settlement?
To be eligible for the proposed settlement, individuals must meet several criteria:
- US Residency: They must have been a US resident on August 11, 2023.
- Data Exposure: Their data must have been compromised in the data breach. This includes users of both DNA Relatives and Family Tree services.
The settlement specifically addresses residents of Alaska, California, Illinois, and Oregon, who may receive approximately $100 due to those states’ genetic privacy laws containing damages provisions. A smaller subset of users whose health information was impacted will also receive a $100 payment.
Settlement Payout Amounts and Additional Benefits
The settlement offers a tiered payout structure:
- Extraordinary Claim: Users who can demonstrate significant hardships directly resulting from the data breach, such as unreimbursed costs from identity fraud, falsified tax returns, purchasing security systems, or mental health treatment, could receive up to $10,000.
- Standard Payments: As previously mentioned, residents of Alaska, California, Illinois, and Oregon, and those whose health information was compromised, will receive a $100 payment.
In addition to monetary compensation, 23andMe will provide affected users with three years of access to Privacy Shield, a security monitoring service offering web and dark web monitoring.
Applying for the 23andMe Data Breach Settlement
Currently, there is no application process available. We will provide updates as they become available. The settlement is still pending preliminary court approval.
