Have you given your DNA to 23andMe? You could be eligible for a $10,000 payout over data breach

Platforms that offer to reveal details about a person's ancestry using DNA are attracting a lot of curious souls, but at the same time, hackers could learn a lot about clients by breaking into the database. Something similar happened due to the 23andMe data breach, and now those affected could receive a $10,000 compensation. Following the breach, the personal information of roughly half of the users of the DNA testing service was exposed. A lawsuit alleged that the company failed to adequately protect its users, and last month, 23andMe confirmed that it would settle the class action lawsuit by paying out $30 million, according to Reuters.

DNA Info Compromised

The San Francisco-based company, which collects samples of genetic materials from customers to trace their ancestry, suffered a data breach last year after hackers broke into their database.

The full extent of the breach was publicly revealed later in December and the firm admitted that the data of about 14 million clients was exposed in the leak, which first began in April last year.

Following the revelation, a class action lawsuit was filed in January this year, accusing the company of not doing enough to protect its customers. It alleged that 23andMe also failed to notify certain customers with Chinese or Ashkenazi Jewish ancestry whose data was specifically targeted to be leaked on the dark web. 23andMe proposed a settlement offering to pay up to $10,000 to eligible customers, depending on the hardships they suffered. While the settlement still requires preliminary court approval, the independent directors of the company's board have already resigned.

"We have executed a settlement agreement for an aggregate cash payment of $30 million to settle all U.S. claims regarding the 2023 credential stuffing security incident," a 23andMe spokesman told CNET. The spokesperson added that the company believed the settlement was "in the best interest of 23andMe customers".

Who is Eligible for a Payout?

The settlement is estimated to cover 6.9 million users whose data was targeted in the leak, as per Forbes. Users who were residents of the U.S. in August 2023, will be qualified to receive a compensation. To file a claim, victims need to visit the official 23andMe settlement website after it goes live. The site is supposed to offer an online claim form and a downloadable PDF version of it as well. 

How Will Victims be Compensated?

The settlement offers three types of compensation, with a maximum payout of up to $10,000. The first is extraordinary claims for customers who experienced significant losses, such as identity theft, or had to incur out-of-pocket costs for security services.

These customers may qualify for up to $10,000, if they provide all the necessary documentation such as receipts or records of expenses, according to HIPAA Journal.

The second category covers customers whose sensitive health information was specifically exposed. These victims can claim around $100 as compensation. 

The final category is the statutory cash claims, under which residents of California, Illinois, Oregon, and Alaska are eligible to get a general compensation amount of about $100 if they confirm that they are a resident of the concerned state and have received a breach notification.

The amounts may vary based on the number of claims and the total funds available for settlement. The claims are expected to be processed on a proportional basis if the demand is high, according to a Forbes report.