23andMe Agrees to $30M Settlement Over 2023 Data Breach: How Much Could Users Get?

So, you thought the biggest surprise from your DNA test would be finding out you’re 3% Viking? Well, how about finding out your genetic data has been hacked? That’s the reality for some 23andMe users, following a data breach in 2023. But don’t worry, there’s a $30 million settlement in the works to help patch things up. Let’s break down what happened and what you need to know if you were affected.

23andMe, the popular genetic testing company, experienced a credential stuffing attack in October 2023, in which hackers gained access to the data of 6.9 million users. The breach especially impacted users who opted into the DNA Relatives feature, which lets you connect with long-lost cousins (and apparently hackers, too). Now, the company is looking to settle a class-action lawsuit with a $30 million payout.


How It Went Down:

  1. The Hack: Hackers used login details from other sites (because, let’s face it, some of us use the same passwords everywhere) to break into 23andMe accounts. This attack let them steal genetic data from users.
  2. The Aftermath: The breach exposed the sensitive data of millions, and, according to reports, Jewish and Chinese users were specifically targeted.
  3. The Settlement: 23andMe has proposed a $30 million settlement to make things right, with most of the cost being covered by cyber insurance.


Who’s Targeted?

If you’re one of the millions who use 23andMe and opted into their DNA Relatives feature, you could be among those affected. Users who reuse the same password across multiple platforms are especially vulnerable to credential stuffing attacks like this one.


Real-Life Example:

Imagine you’re excitedly tracing your family tree with 23andMe, only to find out months later that hackers gained access to your personal and genetic data. Hackers accessed about 14,000 accounts directly, but the compromised data extended to 6.9 million users. You didn’t just share your DNA with potential relatives; it ended up in the hands of threat actors.


Why You Should Care:

Your genetic data is more than just numbers—it’s deeply personal and contains information that could be used in ways we might not even anticipate yet. The breach doesn’t just impact your privacy today; it could have implications for your future health, insurance, or even security. Plus, this breach highlights a bigger issue: weak password practices can lead to significant fallout. Even if your DNA is safe, hackers could use similar tactics to access your financial or personal accounts.


How to Protect Yourself:

Here are a few ways you can protect yourself in the wake of this breach:

  1. Update Your Passwords: Always use unique, strong passwords for every account—especially those holding sensitive data like 23andMe.
  2. Enable Two-Factor Authentication (2FA): This adds an extra layer of security to your accounts, making it harder for hackers to break in.
  3. Sign Up for Credit Monitoring: If your data was exposed, consider enrolling in identity theft protection services. 23andMe is offering affected users three years of free online security services.
  4. Monitor Your Accounts: Keep an eye on your 23andMe account, but also check for any unusual activity in your financial accounts or health records.
  5. Be Skeptical of Unsolicited Contact: If someone reaches out claiming to be a long-lost relative, double-check their legitimacy!


Quick Tips:

  • Did You Know? Credential stuffing attacks happen when hackers use login details from unrelated breaches to access other accounts where people reuse passwords.
  • Pro Tip: Set up unique, complex passwords and change them regularly. If you struggle to remember them, consider using a password manager to keep things safe and simple.

Have you or someone you know been impacted by the 23andMe breach or a similar hack? We’d love to hear how you’re dealing with it! Share your story, and it might help someone else take precautions and stay safe.

Stay safe, stay informed!

Key Terms Explained:

  • Credential Stuffing Attack: A type of cyberattack where hackers use login credentials (username and password) stolen from one website to access accounts on other websites.
  • DNA Relatives Feature: A 23andMe tool that allows users to connect with genetic relatives by sharing personal and genetic data.
  • Class-Action Lawsuit: A legal case filed on behalf of a group of people who have experienced the same harm, in this case, users affected by the data breach.
  • Cyber Insurance: Insurance coverage designed to help businesses recover from cyberattacks, including covering costs related to breaches or lawsuits.
