23andMe Reportedly Paying $30 Million to Settle Data Breach Suit
23andMe will reportedly pay $30 million to settle a lawsuit tied to a data breach.
As Reuters reported Friday (Sept. 13), the genetics testing company has also agreed to provide three years of security monitoring as a result of the class-action litigation, which accused 23andMe of failing to protect the private information of almost 7 million customers exposed in the breach last year.
The settlement also resolves allegations that 23andMe did not tell customers with Chinese and Ashkenazi Jewish ancestry that a hacker had apparently targeted them specifically, selling their data on the dark web, Reuters added.
According to the report, 23andMe called the settlement fair and reasonable in its own court filing, but also cited its “extremely uncertain financial condition” in asking the judge to pause arbitrations by tens of thousands of class members until the settlement is approved or they decide not to participate.
23andMe says it believes the settlement is in its users’ best interests, and says it anticipates most of the cost of the settlement — $25 million — will be covered by its cyber insurance. PYMNTS has contacted the company for comment but has not yet gotten a reply.
The company revealed the breach in October of last year, about six months after it began. The incident affected almost half of the 14.1 million customers in 23andMe’s database at the time, Reuters said. A hacker accessed 5.5 million DNA Relatives profiles, which allow customers to share information with each other, along with information for another 1.4 million users of a feature called Family Tree.
As PYMNTS wrote last month, large businesses such as 23andMe “will continue to be attractive targets for cybercriminals,” as the “combination of valuable data, complex systems and the potential for significant ransom payments makes them particularly vulnerable.”
In interviews with PYMNTS for the “What’s Next in Payments” series, executives stressed the need for the multilayered security strategy known as defense in depth to reduce risks at various levels.
That’s because when an attacker gets access via stolen credentials, the potential for escalation is substantial, with minor disruption quickly spiraling into a full-scale disaster.
“You may not have realized it yet, but they’re going to hit you,” Amount Director of Product Management Garrett Laird told PYMNTS. “The fraudsters are jerks — and they like to hit you on holidays and on weekends, at 2 in the morning.”