Massive Settlement Reached in 23andMe Data Breach Lawsuit

In a landmark decision, 23andMe has agreed to a $30 million settlement to address a massive data breach that compromised the personal information of 6.9 million customers. The breach, which occurred over a five-month period starting in April 2023, resulted in hackers gaining access to sensitive data, prompting the company to offer three years of security monitoring to those affected.

The settlement, which is pending final approval from the judge, includes cash payments to customers whose data was compromised, as well as enrollment in a privacy and security monitoring program. 23andMe described the settlement as fair and reasonable, citing its uncertain financial condition and the need to protect its customers.

The cyberattack affected nearly half of the company’s 14.1 million customers at the time, with hackers accessing DNA profiles and family tree data. In response to the breach, the plaintiffs’ lawyers have expressed satisfaction with the settlement, noting the risks associated with further litigation given 23andMe’s financial struggles.

The case, titled In re 23andMe Inc Customer Data Security Breach Litigation, is currently being heard in federal court in San Francisco. The plaintiffs’ legal team may seek up to 25% of the settlement amount in legal fees.

As 23andMe grapples with financial challenges, its co-founder and Chief Executive Anne Wojcicki has been exploring options to take the company private. The company’s shares have significantly dropped since its initial public offering, underscoring the impact of the data breach on its operations.