Genetic testing company 23andMe has agreed to settle claims related to a massive data breach that compromised the personal information of millions of customers.
According to court documents filed in a San Francisco federal court, the company will provide compensation to the 6.4 million U.S. customers whose data was stolen during the breach. Alongside the financial settlement, 23andMe will offer affected customers three years of privacy, medical, and genetic monitoring services.
The breach, which occurred in 2023, resulted in customer data being sold on the dark web. Hackers reportedly targeted specific groups, including Ashkenazi Jewish and Chinese 23andMe customers, and had access to the company’s systems for five months before the breach was detected. The incident only came to light after a post on Reddit mentioned the sale of 23andMe data.
While the terms of the settlement were described as “fair, reasonable, and adequate,” 23andMe acknowledged the need to resolve the matter due to its “uncertain financial situation.” The company’s finances have been under pressure since the breach became public, with its market capitalisation plunging. In its most recent earnings report, 23andMe revealed significant losses, including a 34% drop in revenue, $69 million in quarterly losses, and a 20% decrease in available cash.
Despite the severity of the settlement, one that would typically place a heavy strain on the company’s reserves, 23andMe expects insurance to cover around $25 million of the costs, softening the financial blow.
The 23andMe case shows the significant financial costs that data breaches can impose on businesses. Beyond the direct financial settlements, there are reputational damages, ongoing litigation costs, and potential loss of consumer trust, all of which can severely impact a company’s long-term viability.
Data has become one of the most valuable assets of a business; however, it can also be one of the most vulnerable. Companies of all sizes are frequently targeted by cyberattacks, and the consequences of poor data protection can be devastating. For 23andMe, the breach not only exposed sensitive genetic information but also eroded trust in the brand, contributing to declining revenue.
As the cost of resolving data breaches continues to rise, this case should serve as a wake-up call for businesses. It’s crucial for companies to invest in cybersecurity measures to safeguard sensitive information, not just to avoid legal action, but to maintain the trust and loyalty of their customers. 23andMe addressed data security concerns in their post in December 2023.
Preventing data breaches requires a multi-faceted approach, and businesses must prioritise both technological and procedural safeguards.
Here are some key strategies companies can adopt to protect their data:
For businesses operating in Europe or handling European customer data, compliance with the General Data Protection Regulation (GDPR) is not optional. GDPR lays out strict requirements for data protection and imposes heavy fines on companies that fail to comply.
Key areas to focus on include:
The 23andMe settlement is an example of the high stakes associated with data breaches. The costs extend far beyond immediate legal settlements, with potential long-term financial and reputational damage. For businesses, the message is clear: investing in data protection and cybersecurity measures is not just a regulatory requirement, it’s a vital part of safeguarding the future of your business, whether it be financial or reputational.
By staying proactive and ensuring compliance with GDPR regulations, companies can reduce the risk of breaches and protect the trust of their customers.