23andMe to Pay $30M as Settlement for 2023 Hack
23andMe, the DNA testing company, has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023.
The lawsuit accused 23andMe of failing to adequately protect users' information and being unable to sufficiently notify users of the breach. 23andMe has also agreed to strengthen its security protocols, including protections against credential-stuffing attacks, mandatory two-factor authentication for all users, and annual cybersecurity audits. The company must also create and maintain a data breach incident response plan and stop retaining personal data for inactive or deactivated accounts. An updated Information Security Program will also be provided to all employees during training sessions to be held annually.
The company denied any wrongdoing as part of the settlement agreement. Read more about this story on our LinkedIn page
The lawsuit accused 23andMe of failing to adequately protect users' information and being unable to sufficiently notify users of the breach. 23andMe has also agreed to strengthen its security protocols, including protections against credential-stuffing attacks, mandatory two-factor authentication for all users, and annual cybersecurity audits. The company must also create and maintain a data breach incident response plan and stop retaining personal data for inactive or deactivated accounts. An updated Information Security Program will also be provided to all employees during training sessions to be held annually.
The company denied any wrongdoing as part of the settlement agreement. Read more about this story on our LinkedIn page