Genetic testing company 23andMe has agreed to pay $18 million to settle claims from a coalition of 43 attorneys general regarding its failure to adequately protect customer genetic data. The settlement follows a significant data breach disclosed in October 2023, based on information published by Bleeping Computer.The breach, which occurred between April and September 2023, was the result of credential-stuffing attacks that compromised the data of 6.9 million customers, including sensitive genetic ancestry information. Some of this data was later offered for sale on the dark web. A multistate investigation found that 23andMe lacked basic safeguards against cyberattacks, such as password blocklisting and multifactor authentication, and failed to address unusual login activity.The settlement imposes new security requirements on the company, including a data security advisory board and risk analysis protocols.Source: Bleeping Computer
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
Attack VectorYou can skip this ad in 5 seconds




