Victims of 23andMe data breach to get $47m payout, judge rules

Victims of 23andMe data breach to get $47m payout, judge rules

A kiosk with the 23andMe logo on it, sitting in a lobby with people standing nearby. Image source, Reuters
Image caption,

DNA testing company 23andMe saw user data leaked in 2023

ByKali Hays

Technology reporter
  • Published
    43 minutes ago

Victims of a 2023 data hack at genetics testing company 23andMe are set to receive a multi-million payout from the firm.

A California bankruptcy court judge ruled on Tuesday that Chrome Holding, which last year took control of 23andMe after its bankruptcy, should pay out $46.75m (£35m) in compensation.

23andMe compiles genetic profiles of people through DNA testing kits, but it was heavily criticised after as many as 6.9 million people had their data breached in the 2023 hack.

Representatives of Chrome Holding and 23andMe have been contacted for comment.

Chrome Holding, which operates under the name TTAM Research Institute, is operated by 23andMe's co-founder, Anne Wojcicki. She won the company's assets last year through a bankruptcy auction with a bid of $305m.

The ruling said the settlement will be first paid to Kroll Restructuring, which is representing the victims, within five business days from Tuesday.

Kroll will then distribute the funds to the victims, the ruling said.

The appointment of companies like Kroll is typical in corporate bankruptcy proceedings.

The BBC has contacted the legal team representing the victims to ask how many people will receive the payout.

23andMe early last year filed for bankruptcy, about 18 months after hackers were able to access roughly 14,000 user accounts.

Because the company offered "comprehensive" genetic profiles of people who submitted their DNA, including genetic markers related to their health and family history, some of the information accessed by hackers was highly personal.

While the number of accounts accessed directly in the breach only represented a small fraction of 23andMe's total users, the hackers were able to access the profiles of those users' relatives. That gave them access to millions of profiles that 23andMe hosted.

The breach led to investigations and fines, including a £2.31m fine by the Information Commissioner's Office (ICO), a UK watchdog.

The ICO said 23andMe had failed to put adequate measures in place to secure sensitive user data prior to the incident.

In May, Rob Bonta, the Attorney General of California, sued the company following an investigation that found 23andMe "failed to take basic steps to protect users' data."

Bonta also claimed that 23andMe "lied to consumers about the severity of its 2023 data breach."

The company has continued to operate since the bankruptcy, offering DNA testing kits to people online.

23andMe was once valued at $6bn. It started in 2006 and went public in 2021, but it has never turned a profit.

Read original article

Leave a Reply