
23andMe Agrees to $30m Data Breach Settlement

Biotech firm 23andMe has agreed to pay tens of millions of dollars to the victims of a significant data breach in 2023.

The breach exposed the information of over six million individuals, including a significant number of files containing information about users’ ancestry.

The firm has also agreed to bolster its security after the incident, including mandatory multi-factor authentication (MFA), protection against credential stuffing and annual audits.

However, the settlement is in no way an admission of any guilt.

“23andMe denies any wrongdoing whatsoever, and this agreement shall in no event be construed or deemed to be evidence of or an admission or concession on the part of 23andMe for any claim of any fault or liability or wrongdoing or damage whatsoever,” the company stated in the settlement agreement.

It was revealed that hackers originally gained access to a few user accounts via previously compromised credentials, as those accounts were not protected by MFA. They could then scrape data on additional registered users through the DNA Relatives feature.

The firm’s lawyers have consistently and vehemently argued that the fault lay with negligent users, even though most breached customers were caught up in the incident through no fault of their own – because they’d opted into DNA Relatives.

They also argued that the compromised data couldn’t be used to cause “pecuniary harm” as it didn’t include users’ social security numbers, driver’s license numbers, or payment details.

Ultimately, the attack compromised data on an estimated 6.9 million customers, including 6.4 million US residents.

In October 2023, threat actors claimed to be selling genetic profile data for millions of British and Ashkenazi Jewish people.

Source: https://www.infosecurity-magazine.com/news/23andme-30m-data-breach-settlement/
