Victims of 23andMe data breach to get $47m payout, judge rules
2 hours ago


Reuters
Victims of a 2023 data hack at genetics testing company 23andMe are set to receive a multi-million payout from the firm
A California bankruptcy court judge ruled on Tuesday that Chrome Holding, which last year took control of 23andMe after its bankruptcy, should pay out $46.75m (£35m) in compensation
23andMe compiles genetic profiles of people through DNA testing kits, but it was heavily criticised after as many as 6.9 million people had their data breached in the 2023 hack
Representatives of Chrome Holding and 23andMe have been contacted for comment
Chrome Holding, which operates under the name TTAM Research Institute, is operated by 23andMe’s co-founder, Anne Wojcicki. She won the company’s assets last year through a bankruptcy auction with a bid of $305m
The ruling said the settlement will be first paid to Kroll Restructuring, which is representing the victims, within five business days from Tuesday
Kroll will then distribute the funds to the victims, the ruling said
The appointment of companies like Kroll is typical in corporate bankruptcy proceedings
The BBC has contacted the legal team representing the victims to ask how many people will receive the payout
23andMe early last year filed for bankruptcy, about 18 months after hackers were able to access roughly 14,000 user accounts
Because the company offered “comprehensive” genetic profiles of people who submitted their DNA, including genetic markers related to their health and family history, some of the information accessed by hackers was highly personal
While the number of accounts accessed directly in the breach only represented a small fraction of 23andMe’s total users, the hackers were able to access the profiles of those users’ relatives. That gave them access to millions of profiles that 23andMe hosted
The breach led to investigations and fines, including a £2.31m fine by the Information Commissioner’s Office (ICO), a UK watchdog
The ICO said 23andMe had failed to put adequate measures in place to secure sensitive user data prior to the incident
In May, Rob Bonta, the Attorney General of California, sued the company following an investigation that found 23andMe “failed to take basic steps to protect users’ data.”
Bonta also claimed that 23andMe “lied to consumers about the severity of its 2023 data breach.”
The company has continued to operate since the bankruptcy, offering DNA testing kits to people online
23andMe was once valued at $6bn. It started in 2006 and went public in 2021, but it has never turned a profit
California Attorney General sues 23andMe successor for 2023 data breach
UK watchdog fines 23andMe for ‘profoundly damaging’ data breach
DNA testing site 23andMe files for bankruptcy protection
Companies
International Business

