September 13, 2024 at 03:01PM
DNA testing company 23andMe has agreed to a $30 million settlement in response to a lawsuit involving a data breach affecting 6.4 million customers. The settlement includes cash payments and enhanced security measures. The breaches were due to unauthorized access and credential-stuffing attacks, leading to leaked data and subsequent class-action lawsuits.
DNA testing company 23andMe has agreed to a $30 million settlement to address a data breach that affected 6.4 million customers. The settlement includes cash payments to affected customers and commitments to strengthen security protocols, including protections against credential-stuffing attacks, mandatory two-factor authentication, and annual cybersecurity audits. Additionally, 23andMe must create and maintain a data breach incident response plan, cease retaining personal data for inactive accounts, and provide an updated Information Security Program to all employees during annual training sessions.
23andMe denies the claims and allegations that it failed to properly protect customer information, and denies any wrongdoing. The agreement should not be construed as evidence of admission or concession of fault or liability.
The settlement addresses claims that the company failed to safeguard users’ privacy and neglected to inform customers about hackers targeting their information. It also highlights the measures taken by 23andMe to address the breach, such as requiring password resets and implementing default two-factor authentication for all users.
The data breach resulted in unauthorized access to customer profiles through compromised accounts, and the stolen data, including health reports and raw genotype data, was reportedly offered for sale on the dark web.