Genetic data from a massive breach has led to substantial state-level compensation and a broader consumer fund for victims nationwide.
The genetic testing company 23andMe has agreed to an $18 million multistate settlement resolving claims from the 2023 incident, says the Pennsylvania Attorney General.
The settlement stems from 23andMe’s alleged unreasonable data security practices that failed to protect sensitive genetic information.
Plaintiffs accused the company of failing to employ safeguards against credential stuffing attacks, implement multifactor authentication, or properly investigate unusual login patterns.
The complaint claims the defendant learned about the breach months after data was publicly available and initially denied responsibility while blaming consumers.
Pennsylvania will receive $491,902 as its share following the exposure of data from nearly 200,000 state residents.
The agreement stems from bankruptcy proceedings and includes a separate $46.75 million class action fund for affected U.S. consumers.
The settlement also imposes enhanced data protections on the buyer of the company’s assets.
Follow us on X, Facebook and Telegram
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Surf The Daily Hodl Mix
Generated Image: Midjourney