23andMe has agreed to pay $30 million and provide three years of security monitoring to settle a lawsuit over a data breach that exposed the personal information of 6.9 million customers, Reuters reports.
The breach, which began in April 2023 and lasted about five months, compromised data from nearly half of the company’s 14.1 million customers and involved access to DNA profiles and Family Tree information. The settlement also addresses claims that 23andMe failed to inform customers of Chinese and Ashkenazi Jewish ancestry about the breach, in which their data was posted for sale on the dark web.
The agreement includes cash payments for affected customers and access to a privacy and genetic monitoring program. 23andMe has also requested a delay in arbitration proceedings by class members due to financial instability. The company, which reported a $69.4 million loss in its last quarter, expects about $25 million of the settlement cost to be covered by cyber insurance.