← All stories
● Covered by 1 source Β· 1 reportHigh impact

23andMe settles with states for $18M over massive data breach

Aggregated by BrevFeed security Β· updated 2h ago
πŸ”– Save

23andMe has agreed to an $18 million settlement for a data breach that exposed 6.9 million users' information. The settlement includes new data protection measures and the company's obligations to ensure better cybersecurity practices moving forward.

Key points

Settlement Details

A coalition of 42 state attorneys general announced an $18 million settlement with 23andMe due to a significant data breach affecting approximately 6.9 million users.

The breach involved exposure of sensitive information including genetic ancestry data.

New Data Protection Obligations

As part of the settlement, 23andMe is required to implement enhanced data protection measures.

These changes include regular risk assessments and the establishment of a special board dedicated to data security oversight.

Background of Breach and Previous Actions

23andMe discovered the breach in October 2023, months after the incident, during which some data appeared on the dark web.

State investigations revealed that the company had inadequate cybersecurity protocols, including poor intrusion prevention and failure to monitor for breaches.

Company Responses and Changes

Following the breach and subsequent scrutiny, 23andMe’s assets were transferred to the newly formed 23andMe Research Institute led by CEO Anne Wojcicki.

The institute has made commitments regarding user privacy, particularly not sharing personal data without appropriate legal processes.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Reporting from

23andMe has agreed to an $18 million settlement for a data breach that exposed 6.9 million users' information. The settlement includes new data protection measures and the company's obligations to ensure better cybersecurity practices moving forward.