23andMe has agreed to an $18 million settlement for a data breach that exposed 6.9 million users' information. The settlement includes new data protection measures and the company's obligations to ensure better cybersecurity practices moving forward.
A coalition of 42 state attorneys general announced an $18 million settlement with 23andMe due to a significant data breach affecting approximately 6.9 million users.
The breach involved exposure of sensitive information including genetic ancestry data.
As part of the settlement, 23andMe is required to implement enhanced data protection measures.
These changes include regular risk assessments and the establishment of a special board dedicated to data security oversight.
23andMe discovered the breach in October 2023, months after the incident, during which some data appeared on the dark web.
State investigations revealed that the company had inadequate cybersecurity protocols, including poor intrusion prevention and failure to monitor for breaches.
Following the breach and subsequent scrutiny, 23andMeβs assets were transferred to the newly formed 23andMe Research Institute led by CEO Anne Wojcicki.
The institute has made commitments regarding user privacy, particularly not sharing personal data without appropriate legal processes.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
23andMe has agreed to an $18 million settlement for a data breach that exposed 6.9 million users' information. The settlement includes new data protection measures and the company's obligations to ensure better cybersecurity practices moving forward.