Skip to main content
Advertisement

23andMe Data Breach Victims to Receive $47M Compensation, Court Rules

A California court orders Chrome Holding to pay $46.75M to victims of the 2023 23andMe data breach affecting millions of users' genetic data.

·3 min read
A kiosk with the 23andMe logo on it, sitting in a lobby with people standing nearby.

23andMe Data Breach Settlement Ordered by Court

Victims affected by a 2023 data breach at the genetic testing company 23andMe are set to receive a substantial payout following a recent court ruling.

On Tuesday, a California bankruptcy court judge determined that Chrome Holding, which acquired 23andMe after its bankruptcy last year, must pay $46.75 million (£35 million) in compensation to those impacted.

23andMe, known for compiling genetic profiles through DNA testing kits, faced significant criticism after the 2023 hack exposed data belonging to as many as 6.9 million individuals.

Representatives from both Chrome Holding and 23andMe have been approached for comment regarding the ruling.

Background on Chrome Holding and 23andMe

Chrome Holding, operating under the name TTAM Research Institute, is managed by Anne Wojcicki, co-founder of 23andMe. She acquired the company's assets last year through a bankruptcy auction with a winning bid of $305 million.

The court ruling specifies that the settlement amount will first be paid to Kroll Restructuring, which represents the victims, within five business days from the date of the ruling.

Kroll will then be responsible for distributing the funds to the affected individuals, as outlined in the court's decision.

The appointment of firms like Kroll is common in corporate bankruptcy cases to manage claims and settlements.

The BBC has contacted the legal representatives of the victims to inquire about the number of individuals who will receive the payout.

Advertisement

Details of the 2023 Data Breach and Its Impact

23andMe filed for bankruptcy early last year, approximately 18 months after hackers gained access to roughly 14,000 user accounts.

Because the company provides comprehensive genetic profiles, including markers related to health and family history, the data accessed was highly sensitive and personal.

Although the breach directly affected a small portion of 23andMe's total user base, hackers were able to access profiles of the users' relatives, expanding the scope to millions of profiles hosted by 23andMe.

The breach triggered investigations and penalties, including a £2.31 million fine imposed by the Information Commissioner's Office (ICO), the UK data protection authority.

The ICO stated that 23andMe had failed to implement adequate security measures to protect sensitive user data prior to the incident.

Legal Actions and Company Status

In May, Rob Bonta, Attorney General of California, filed a lawsuit against the company following an investigation that concluded 23andMe "failed to take basic steps to protect users' data."

"lied to consumers about the severity of its 2023 data breach,"

Bonta also alleged that 23andMe misled consumers regarding the extent of the breach.

Despite the bankruptcy and legal challenges, 23andMe continues to operate, offering DNA testing kits for purchase online.

Founded in 2006 and once valued at $6 billion, the company went public in 2021 but has yet to achieve profitability.

  • California Attorney General sues 23andMe successor for 2023 data breach
  • UK watchdog fines 23andMe for 'profoundly damaging' data breach
  • DNA testing site 23andMe files for bankruptcy protection

This article was sourced from bbc

Advertisement

Related News