23andMe Reaches $30 Million Settlement in Data Breach Lawsuit

In a landmark decision, 23andMe has agreed to a $30 million settlement to resolve a lawsuit stemming from a massive data breach that affected 6.9 million customers. The breach, which spanned five months starting in April 2023, exposed sensitive personal information and prompted the genetic testing company to offer three years of security monitoring to those impacted.

The settlement, subject to final approval from a federal judge in San Francisco, includes cash payments to affected customers and enrollment in a Privacy & Medical Shield + Genetic Monitoring program for added protection. Notably, the cyberattack compromised data from nearly half of the 14.1 million customers in 23andMe’s database, including DNA Relatives profiles and Family Tree data.

23andMe’s response to the breach has been swift, with the company deeming the settlement fair and reasonable in light of its financial challenges. CEO Anne Wojcicki has been pushing to take the company private as its stock value plummets, citing a loss of $69.4 million on $40.4 million in revenue for the quarter ending June 30.

The case, titled In re 23andMe Inc Customer Data Security Breach Litigation, is being closely watched as a bellwether for data privacy and cybersecurity. The plaintiffs’ legal team may seek up to 25% of the settlement amount in legal fees, underscoring the significance of this milestone resolution in the ongoing battle to protect consumer data.