DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023.
The proposed class action settlement, filed Thursday in a San Francisco federal court and awaiting judicial approval, includes cash payments for affected customers, which will be distributed within ten days of final approval.
“23andMe believes the settlement is fair, adequate, and reasonable,” the company said in a memorandum filed Friday.
My mom told me she did this. I was so pissed. Can I sue her for violating my privacy?
Its so crazy how our society individualizes privacy, but when you give up your own privacy, usually you’re giving up someone else’s privacy.
This isn’t talked about and shamed enough. You willingly gave your phone to the border control agent? Thanks, now they have all my nudes that I sent you with trust, and they uploaded them to the Internet.
This is gonna sound condescending but I promise it’s coming from a place of genuine curiosity.
Who would stand to profit from leaked genetic information? Like, yes, it’s bad that they didn’t have that data better secured, but, like, what is anyone going to do with the knowledge that I’m 35% French?
Unless I’m completely missing the point and there was other information (card info. Addresses, etc) leaked?
The information that has been exposed from this incident includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location.
The threat actor accessed a small number of 23andMe accounts and then scraped the data of their DNA Relative matches, which shows how opting into a feature can have unexpected privacy consequences.
- Usernames Profile Photos DoB
They can be linked to other online accounts. This allows for phishing, potentially scamming or getting additonal information on them which can lead to more sophisticated/personalised scams. Older, less tech savvy users are better targets for scammers.
- Username Sex DoB Genetic Ancestry Location data
Data aggregators can sell this info to Health Insurance Companies or any other system who can then discriminate based on genes sex age or location
- All of this information
Can contribute to people committing fraud with their information if they collect enough information from different sources.
- DNA relatives
Having enough information about a user to use it to target their now known relatives in personalised scams.
The people that did this probably didn’t know what information they were going to get, maybe they were hoping for payment info, and settled for trying to just sell what they got.
Any information, no matter how useless it might seem, is better than no information and enough useless information in the wrong hands can be very valuable.
Theres countless data breaches every year and people will collect it all and link different accounts from different breaches until they have enough information. Most people use the same email address for every website and a lot of people reuse the same passwords, which is how this data leak occurred. Knowing that these users reuse the same email/password combination here means theres a very good chance they’ve reused it elsewhere.
You can check out what data breeches have occured and if your email or password has been posted in any of these dumps here https://haveibeenpwned.com/
Once the information is out there, its out there for good and what might seem trivial now to you could be valuable tomorrow to someone else
Racists would pay quite a bit of money to be able to target certain ethnic groups.
That’s it?
To or anyone wondering, that’s about $4.69 per person
