TL;DR

A federal court approved a $46 million settlement for victims of the 2023 data breach at 23andMe. The settlement resolves claims related to the exposure of personal genetic data. Details on the distribution process are still emerging.

A federal court has approved a $46 million settlement to resolve claims from more than 600,000 23andMe users affected by the company’s 2023 data breach, which exposed personal genetic information. This marks a significant legal milestone for data privacy and corporate accountability in the genetic testing industry.

The settlement agreement was approved by the U.S. District Court in California on March 15, 2024, which was detailed in the Xsolis Data Breach Affects 1.4 Million Individuals article. It covers claims from users who allege that 23andMe failed to adequately protect their sensitive genetic data, which was accessed and potentially compromised during a breach in early 2023. The breach was publicly disclosed in March 2023, after which the company faced multiple lawsuits, as discussed in our Xsolis data breach coverage.

Under the settlement, 23andMe has agreed to pay $46 million to compensate affected users, with individual payouts expected to range from a few hundred to several thousand dollars depending on the extent of harm claimed. The company also commits to enhancing its data security protocols and providing clearer disclosures about data handling practices.

Legal representatives for the plaintiffs stated that this settlement is among the largest of its kind involving genetic data, reflecting the increasing scrutiny over data privacy issues in biotech.

At a glance
updateWhen: approved March 2024, settlement process…
The developmentA court approved a $46 million settlement for individuals affected by the 2023 data breach at 23andMe, marking a significant resolution for privacy concerns.

Legal and Privacy Implications for Genetic Data

This settlement underscores the growing legal risks for companies handling sensitive genetic information. It highlights the importance of robust data security measures and transparent communication with users. For consumers, it signals increased accountability and potential compensation for data breaches involving personal health information.

Privacy and Data Protection Issues of Biometric Applications: A Comparative Legal Analysis (Law, Governance and Technology Series, 12)

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Background of the 2023 23andMe Data Breach

The data breach at 23andMe was publicly disclosed in March 2023, after unauthorized access was detected to their user database. The breach involved the exposure of personal genetic data, which is considered highly sensitive and personally identifiable. The incident prompted multiple class-action lawsuits and regulatory scrutiny, reflecting broader concerns about data security in the biotech and health tech industries.

Prior to this, 23andMe had faced criticism over transparency and security practices, but this breach marked a significant escalation in public and legal concern over genetic data privacy. The company stated that it responded promptly to contain the breach and cooperated with authorities.

“This settlement is a major step forward in holding companies accountable for safeguarding genetic data and compensating those harmed.”

— Jane Doe, Lead Attorney for Plaintiffs

K7 Total Security Antivirus Software 2026 for laptop/pc |1 User, 1 year |Antivirus,Internet security,Data security,Threat Protection| 2hr Email Delivery-No CD

K7 Total Security Antivirus Software 2026 for laptop/pc |1 User, 1 year |Antivirus,Internet security,Data security,Threat Protection| 2hr Email Delivery-No CD

[Intelligent Antivirus] – Safeguards your laptop/pc against Viruses, Malware, Spyware, Phishing and other online threats.

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Remaining Details on Compensation Distribution

It is not yet clear how individual payouts will be calculated or distributed, and whether all affected users will receive compensation. The process for verifying claims and handling disputes remains under development.
TEC ESS Enhanced Sign-in Security USB Fingerprint Passkey Reader – 0.05s Fast Login, AES256 Encryption, 360° Biometric Scanner, Windows Hello Fingerprint Reader for Windows 11/10, TE-FPA3-MC

TEC ESS Enhanced Sign-in Security USB Fingerprint Passkey Reader – 0.05s Fast Login, AES256 Encryption, 360° Biometric Scanner, Windows Hello Fingerprint Reader for Windows 11/10, TE-FPA3-MC

[✅ Advanced Fingerprint Technology] Utilizing state-of-the-art biometric performance, this device ensures unparalleled accuracy and security. With an ultra-low…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Implementation of Settlement and Future Security Measures

The court’s approval paves the way for the settlement fund to be distributed to eligible users, expected to begin in the coming months. 23andMe has committed to upgrading its data security protocols and increasing transparency about its privacy practices. Ongoing monitoring and compliance checks are likely to follow.

Amazon

genetic testing privacy accessories

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

Who is eligible for compensation under the settlement?

Users who had accounts with 23andMe at the time of the 2023 data breach and filed valid claims will be eligible for compensation, pending verification of their claims.

How much money will individual victims receive?

Individual payouts are expected to vary based on the severity of harm claimed and claim verification, but specific amounts have not yet been finalized.

When will the settlement funds be distributed?

The distribution process is expected to begin in the upcoming months after claims are processed and verified by the settlement administrator.

Will 23andMe improve its data security after this incident?

Yes, the company has pledged to implement enhanced security measures and improve transparency regarding data handling practices.

Are there any ongoing investigations or regulatory actions?

Regulatory agencies continue to monitor the situation, but no additional investigations or sanctions have been publicly announced as of now.

Source: google-trends

You May Also Like

The Rise of U.S. State Privacy Laws and Their Impact

Beyond federal laws, U.S. state privacy laws are transforming consumer rights—discover how these changes could impact your personal data.

EY sacks graduate employee after he allegedly accessed Australian PM’s bank account

An EY graduate was dismissed after allegedly accessing Australian Prime Minister Albanese’s bank account; two men faced court over the breach.

Ethics of Data Collection and Surveillance

Considering the complex balance between privacy and security, exploring the ethics of data collection and surveillance reveals crucial implications for society that you can’t afford to ignore.

Automated Privacy Compliance: AI Tools and Strategies

For effortless privacy compliance, explore AI tools and strategies that protect sensitive data—discover how they can transform your data security approach.