23andMe Reaches Settlement In Data Breach Lawsuit
The settlement marks a significant step in addressing the fallout from the data breach that stoked fears of targeted attacks against compromised users.
Alan J July 17, 2024
Share on LinkedInShare on Twitter
Genetic testing company 23andMe has reached a settlement in principle for class actions stemming from a 2023 data breach, lawyers announced during a San Francisco court hearing on Tuesday. The breach compromised the personal information of nearly 7 million users, including sensitive genetic profiles.
While the settlement details remain undisclosed, U.S. District Judge Edward Chen of the Northern District of California scheduled a July 30 hearing to review the status of the term sheet. A motion for preliminary approval is expected within 30 to 45 days.
23andMe Settlement Negotiations and Terms
Source: blog.23andme.com
Co-lead plaintiffs’ counsel Cari Laufenberg of Keller Rohrback told Judge Chen that the parties accepted a proposal from mediator Randall Wulff following a June 26 meeting. The agreement in principle comes after a swift resolution process, with some plaintiffs’ lawyers initially disagreeing in early settlement talks.
Earlier in January, some plaintiffs’ counsels met with 23andMe representatives to discuss settlement, but disagreements over the best approach for breach victims led to a battle over leadership of the cases. U.S. District Judge Edward Chen of the Northern District of California intervened last month, appointing co-lead counsels to oversee the cases.
At a hearing last month, lawyers expressed concerns that 23andMe was in imminent danger of filing bankruptcy, suggesting that injunctive relief, including a fund to compensate class members for psychological or physical harm, would be a key focus of any settlement.
The settlement is expected to encompass the multidistrict litigation, state court cases, and thousands of arbitration demands. While specific terms are not yet public, previous discussions suggested a potential ‘steep discount’ in monetary relief for class members in a case that faced up to $3 billion in damages under the Illinois Genetic Information Privacy Act.
The terms in the settlement may include Injunctive relief from 23andMe (requiring a certain party to act in a certain way) and to provide options such as dark web monitoring to victims.
Financial Implications and Company Response
Source: 23andme.com
23andMe’s annual report revealed $216 million in cash, which could impact the settlement amount. The company’s attorney, Ian Ballon of Greenberg Traurig, expressed a focus on settlement and approval moving forward.
A 23andMe spokesperson stated that the agreement is “in the best interest of 23andMe customers,” and the company looks forward to finalizing the settlement. This resolution comes as a relief to the company, which faced potential bankruptcy concerns raised by lawyers during previous hearings.
The settlement marks a significant step in addressing the fallout from the data breach, relieving some fears that had been stoked earlier after the genetic information of specific ethnic groups had been compromised. This specific data had been advertised earlier on a hacking forum as a list of Ashkenazi Jews, while another had been described as another as a list of people of Chinese descent.
As the case progresses, the final terms of the settlement will provide insight into how 23andMe plans to compensate affected users and improve its data security measures.