DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023.
The proposed class action settlement, filed Thursday in a San Francisco federal court and awaiting judicial approval, includes cash payments for affected customers, which will be distributed within ten days of final approval.
“23andMe believes the settlement is fair, adequate, and reasonable,” the company said in a memorandum filed Friday.
This is gonna sound condescending but I promise it’s coming from a place of genuine curiosity.
Who would stand to profit from leaked genetic information? Like, yes, it’s bad that they didn’t have that data better secured, but, like, what is anyone going to do with the knowledge that I’m 35% French?
Unless I’m completely missing the point and there was other information (card info. Addresses, etc) leaked?
https://www.bleepingcomputer.com/news/security/genetics-firm-23andme-says-user-data-stolen-in-credential-stuffing-attack/
They can be linked to other online accounts. This allows for phishing, potentially scamming or getting additonal information on them which can lead to more sophisticated/personalised scams. Older, less tech savvy users are better targets for scammers.
Data aggregators can sell this info to Health Insurance Companies or any other system who can then discriminate based on genes sex age or location
Can contribute to people committing fraud with their information if they collect enough information from different sources.
Having enough information about a user to use it to target their now known relatives in personalised scams.
The people that did this probably didn’t know what information they were going to get, maybe they were hoping for payment info, and settled for trying to just sell what they got.
Any information, no matter how useless it might seem, is better than no information and enough useless information in the wrong hands can be very valuable.
Theres countless data breaches every year and people will collect it all and link different accounts from different breaches until they have enough information. Most people use the same email address for every website and a lot of people reuse the same passwords, which is how this data leak occurred. Knowing that these users reuse the same email/password combination here means theres a very good chance they’ve reused it elsewhere.
You can check out what data breeches have occured and if your email or password has been posted in any of these dumps here https://haveibeenpwned.com/
Once the information is out there, its out there for good and what might seem trivial now to you could be valuable tomorrow to someone else
Racists would pay quite a bit of money to be able to target certain ethnic groups.