23andMe Ordered to Pay $30 Million in Breach Settlement

In response to a 2023 data breach that exposed the personal information of 6.4 million customers, DNA testing giant 23andMe has agreed to a $30 million settlement. The settlement, which awaits judicial approval, includes cash payments to affected customers and a commitment by 23andMe to strengthen its security protocols. This includes mandatory two-factor authentication, annual cybersecurity audits, and a data breach response plan.

The breach occurred when hackers exploited stolen credentials from other breaches, leading to unauthorized access to customer profiles. Data, including health reports and raw genetic data, was reportedly offered for sale on dark web forums. While denying any wrongdoing, 23andMe has agreed to implement stricter security measures, including preventing retention of data from inactive accounts.

To avoid breaches like this, companies must adopt proactive cybersecurity measures. We provide robust IT solutions, ensuring businesses stay protected from current and future threats. Connect with us to learn how we can enhance your organization's security infrastructure.