23andMe Will Pay $30 Million To Settle Lawsuit Over 2023 Data Breach

Genetics testing company 23andMe has settled a proposed lawsuit over a 2023 data breach involving 6.9 million customers. The company will shell out $30 million as well as pay for a security monitoring service.

According to documents filed late last week, 23andMe will give cash payments to customers whose data was stolen. Affected customers can also sign up for a service called Privacy & Medical Shield + Genetic Monitoring, which will conduct complimentary cybersecurity audits for three years.

In addition, customers will be directed to a website that provides information on how to claim settlement funds and initiate payments. Users will also have an option to remove all their data from 23andMe.

While 23andMe denies any wrongdoing, the settlement is part of a request by the company to stop a potential class action lawsuit filed in a San Francisco federal court. In court documents, 23andMe called the agreement “fair, reasonable and adequate” and in the “best interest” of customers.

Roughly $25 million of the settlement will be covered by cyber insurance. Speaking for the plaintiffs, attorneys noted the settlement, which still needs a judge’s approval, addresses the main claims laid out in the lawsuit.

It was revealed in October of last year that a hacker got a hold of the DNA Relatives profiles of 5.5 million customers as well as personal information about 1.4 million customers using a 23andMe feature called Family Tree. The hacker supposedly breached customer accounts as early as April 2023 and had unfettered access until at least September the same year. Reportedly, the bad actor specifically targeted customers of Chinese and Ashkenazi Jewish ancestry.

If the settlement is not approved and ligation continues, it would only further inflame 23andMe’s already critical financial situation. In the most recent quarter, which ended on June 30, the company lost $69 million, down 34% from the same period in 2023. Reported fiscal year 2024 revenue dropped 27% to $220 million compared to $299 million the year prior.