As you may remember, last year, we reported on 23andMe getting hit by a cyber-attack that affected a huge percentage of its user base. The biotechnology company was then impacted by a class action lawsuit and agreed to pay the affected victims $30 million in compensation.
The hackers used ‘credential stuffing’ techniques to access the genomic profiles of thousands of people. After the security incident, the cyber criminals ended up selling the stolen information on the dark web. The stolen data contained sensitive details of approximately seven million 23andMe users. Including delicate ethnic groups such as Chinese or Ashkenazi Jewish, who the bad actors explicitly targeted.
Class Action Lawsuit and Settlement Details
After a year of negotiations and court battles, the California-based personal genomics company has agreed to pay victims in two main tiers.
Extraordinary Claims and Standard Claims
Users who wish to submit an “Extraordinary Claim” will be eligible for payouts of up to $10,000. They will be asked to provide evidence that they’ve suffered hardships as a result of the cyber security breach. Any inconvenience believed to have been caused by the cyber-attack could be included. The rest of the claimants will be able to receive up to $100 should they wish to file a claim. Claimants must have resided in the USA on August 11th, 2023, to qualify for a payout.
Ongoing Privacy Concerns with 23andMe
Even though the settlement has been agreed upon, the San Francisco-based organization has not made life easier for its user base, who wanted a way out. Users already had to deal with seeing personal sensitive information still being passed around on the dark web. Only to realize that 23andMe does not offer full deletion of account profiles either.
Even if a user deletes their account, 23andMe still retains the user’s genetic information, date of birth, and gender. As required by federal and state government agencies.
Additional Compensation and Services for 23andMe Victims
The settlement money is not the only thing 23andMe users could potentially get as a result of the class action lawsuit. The San Francisco company has also agreed to provide three years of credit monitoring service.
Victims of the 23andMe data breach settlement will soon be able to file a claim and learn more about who qualifies for payment on the official settlement page. The website is inactive, but its URL has been confirmed, and it is expected to start operating soon.
The post Genomics company 23andMe to pay up to $10,000 per person to victims of data breach appeared first on Panda Security Mediacenter.
Article Link: 23andMe Settles Cyber-Attack Lawsuit: $30 Million- Panda Security