States secure $18M from 23andMe bankruptcy after genetic data breach
By
Mr Bagel
A coalition of 42 state attorneys general has reached an $18 million settlement with the bankruptcy trustee of 23andMe, resolving investigations into a 2023 data breach that exposed the genetic data of 6.9 million customers, according to multiple sources. The settlement, announced by Washington Attorney General Nick Brown and others, draws funds from 23andMe's bankruptcy estate.
The breach was a credential stuffing attack using stolen usernames and passwords, reported wect.com. The company took months to detect the intrusion and initially denied wrongdoing. "the company took months to detect the breach, initially denied it occurred, and later blamed customers." :: wect.com Minnesota Attorney General Keith Ellison noted that some of the stolen data later appeared for sale on the dark web, FOX 9 reported.
Under the settlement, individual states receive portions of the $18 million. Washington will get $547,000 to enforce consumer protection laws, per the Washington State announcement. North Carolina will receive $666,242, according to wect.com, and Minnesota will get $514,871, FOX 9 reported. Iowa was also among the participating states, KCCI noted.
The multi-state investigation, led by Connecticut Attorney General William Tong, found that 23andMe engaged in unreasonable data security practices, san.com reported. After legal fees, affected customers may receive payouts from the settlement, according to san.com. Additionally, the settlement requires new data protection measures including risk assessments and the appointment of a special board to oversee data security at the 23andMe Research Institute, a nonprofit that absorbed the company's genetic data assets, The Record reported.
The reporting
12 outlets covered this story. Each links to the original.

Baker's Take
Comments
Sign in to join the conversation.
No comments yet. Be the first.