23andMe disclosed the data breach final October, however it didn’t affirm the general affect till December. Prospects utilizing the DNA Relations characteristic might have had data like names, beginning years, and ancestry data uncovered by way of the breach. On the time, 23andMe attributed the hack to credential stuffing, a tactic that entails logging in to accounts utilizing recycled logins uncovered in earlier safety breaches.
The breach dealt a giant blow to the already struggling company. As 23andMe’s inventory value continued to crater, 23andMe CEO Anne Wojcicki attempted to take the company private earlier this 12 months, however the special committee rejected the offer final month. The settlement mentions issues surrounding the corporate’s funds, saying, “Any litigated judgment considerably greater than the Settlement is prone to be uncollectable.” In a press release to The Verge, 23andMe spokesperson Katie Watson mentioned the corporate expects cyber insurance coverage to cowl $25 million of the settlement:
Now we have executed a settlement settlement for an mixture money fee of $30 million to settle all U.S. claims concerning the 2023 credential stuffing safety incident. Counsel for the plaintiffs have filed a movement for preliminary approval of this settlement settlement with the court docket. Roughly $25 million of the settlement and associated authorized bills are anticipated to be lined by cyber insurance coverage protection. We proceed to consider this settlement is in one of the best curiosity of 23andMe prospects, and we stay up for finalizing the settlement.
The proposed settlement nonetheless wants approval from the decide.
