Breach

23andMe agrees to $18 million settlement over data breach

A logo sign outside of the headquarters of 23andMe.

Genetic testing company 23andMe has agreed to pay $18 million to settle claims from a coalition of 43 attorneys general regarding its failure to adequately protect customer genetic data. The settlement follows a significant data breach disclosed in October 2023, based on information published by Bleeping Computer.

The breach, which occurred between April and September 2023, was the result of credential-stuffing attacks that compromised the data of 6.9 million customers, including sensitive genetic ancestry information. Some of this data was later offered for sale on the dark web. A multistate investigation found that 23andMe lacked basic safeguards against cyberattacks, such as password blocklisting and multifactor authentication, and failed to address unusual login activity.

The settlement imposes new security requirements on the company, including a data security advisory board and risk analysis protocols.

Source: Bleeping Computer

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Attack Vector

You can skip this ad in 5 seconds