$30M 23andMe settlement resolves data breach multidistrict litigation

23andMe data breach settlement overview: 

• Who: Personal genomics company 23andMe agreed to a $30 million settlement that would benefit a class of more than 6 million 23andMe customers.  
• Why: The settlement would end a multidistrict litigation revolving around a 2023 data breach in which 23andMe customers claim the company failed to protect their sensitive information.
• Where: The 23andMe data breach case is in California federal court.

Personal genomics and biotechnology company 23andMe agreed to pay $30 million to end a multidistrict litigation revolving around a 2023 data breach. 

The settlement benefits the more than 6 million 23andMe customers whose personal information was stolen during a data breach — and, in some cases, posted on the dark web — that was disclosed by the company in October 2023. 

In a motion for preliminary approval filed earlier this month, 23andMe customers representatives called the settlement agreement an “outstanding result” that “maximizes the relief available from a Defendant in an uncertain financial situation.” 

“The benefits provided by the Settlement Fund are carefully tailored to redress the harms faced by the victims of the 23andMe Security Incident announced in October 2023,” the motion says. 

23andMe settlement to provide up to $10K for losses incurred as direct result of data breach

The 23andMe data breach exposed personal information and limited health, genetic and ethnic information, according to the motion for preliminary approval. 

The settlement, meanwhile, will provide compensation in the form of monetary reimbursement of up to $10,000 for losses incurred as a direct result of the data breach and cash payments for individuals whose health information was exposed. 

The agreement also provides cash payments for residents of Alaska, California, Oregon and Illinois — which have genetic privacy laws that provide for statutory damages — in addition to three years of “state of the art” privacy services through Privacy Shield. 

More than 40 class action lawsuits were filed against 23andMe in the wake of the data breach, with consumers broadly claiming the company failed to protect the sensitive information of its customers. 

The complaints were centralized into a multidistrict litigation in California federal court in April, reports Law360. 

Were you affected by the 23andMe data breach? Let us know in the comments.

The plaintiffs are represented by Gayle M. Blatt of Casey Gerry Shenk Francavilla Blatt & Penfield LLP, Cari Campen Laufenberg of Keller Rohrback LLP, and Norman E. Siegel of Stueve Siegel Hanson LLP

The 23andMe data breach settlement is In re: 23andMe Inc. Customer Data Security Breach Litigation, Case No. 3:24-md-03098, in the U.S. District Court for the Northern District of California.

Read About More Class Action Lawsuits & Class Action Settlements:

• Medicare recipients may be affected by data breach
• Ally Bank class action alleges co. negligence led to data breach
• Payment processor’s data breach affects 1.7M consumers
• Abbott class action claims company falsely advertises toddler drinks as healthy