Genetic testing company 23andMe has agreed to pay $30 million and offer three years of security monitoring to settle a lawsuit following a data breach that exposed the personal information of 6.9 million customers. The breach, which lasted five months starting in April 2023, affected nearly half of the company’s 14.1 million users at the time.
The settlement, filed in a San Francisco federal court, requires judicial approval. It includes cash payments to affected customers and access to a security program, Privacy & Medical Shield + Genetic Monitoring. The company said it believes the settlement is in its customers’ best interest, noting that $25 million of the cost would be covered by cyber insurance.
The size of the global cyber insurance market is forecast to reach $29 billion by 2027 from $14 billion in 2023, according to Munich Re.
The breach specifically impacted 5.5 million users who shared information via the DNA Relatives feature, as well as 1.4 million customers using the Family Tree option. Notably, the hacker seemed to have targeted customers with Chinese and Ashkenazi Jewish ancestry, posting their information on the dark web, Reuters news report said.
23andMe’s financial difficulties, exacerbated by a $69.4 million loss on $40.4 million revenue in the second quarter of 2023, have raised concerns about the company’s ability to withstand further litigation.
The company, led by CEO Anne Wojcicki, has been considering going private, with its stock falling below $1 since December 2023. The plaintiffs’ lawyers may request legal fees of up to 25 percent of the settlement amount.
23andMe reported revenue of $40 million FY25 Q1, compared to $61 million for the same period in the prior year. The decrease of 34 percent in revenue was driven by lower research services revenue, lower consumer services revenue and telehealth orders.
Operating expenses for FY25 Q1 were $92 million, compared to $140 million for the same period in the prior year. 23andMe reported net loss of $69 million for FY25 Q1, compared to a net loss of $105 million for the same period in the prior year.
