Header image

Genealogy Website to Pay $30 Million Over 2023 Data Breach

Chinese and Ashkenazi Jewish customers were particularly targeted by the compromise.

23andMe has agreed to pay $30 million to resolve a lawsuit over a breach from 2023 that impacted 6.9 million customers.

An attacker was able to access around 14,000 individual 23andMe.com accounts via a credential stuffing effort.

Having compromised those accounts, the attacker accessed information in a significant number of DNA Relatives profiles and Family Tree feature profiles, each of which were connected to the compromised accounts.

Five Month Compromise

According to Reuters, the compromise took place over five months beginning April 2023, enabling access to 5.5 million DNA Relatives profiles and details from 1.4 million users of the Family Tree feature.

However, the lawsuit claimed the firm did not inform its Chinese and Ashkenazi Jewish customers that they were targeted by the compromise.

As part of the settlement, which was deemed to be "fair, adequate, and reasonable," arbitrations by several thousands of class action members were moved to be stopped by the firm.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

24
Oct
Webinar

Securing Data in the Cloud: Advanced Strategies for Cloud Application Security

Discussing the current trends in cloud security, focusing on the challenges of hybrid environments

In this live webinar, join security specialists from OPSWAT to discuss the current trends in cloud security, focusing on the challenges of hybrid environments, including diminished visibility and weakened threat detection.

image image