23andMe, the genetic testing company, is facing challenges after a data breach last year. The company’s CEO, Anne Wojcicki, has been considering options for the future of the company. This has raised concerns among customers about the safety of their genetic data.
The data breach in October 2023 exposed sensitive information of 6.9 million customers. Attackers used stolen login credentials from other websites to access 23andMe accounts. The exposed data included names, birth years, ancestry data, and information shared through the “DNA Relatives” feature.
In response to the breach, 23andMe has agreed to a $30 million settlement. Affected customers may be eligible for compensation of up to $10,000. The settlement provides for three types of compensation: extraordinary claims for significant losses, health information claims, and statutory cash claims for residents of certain states.
To submit a claim, customers will need to visit the dedicated settlement site when it becomes available. They will need to provide supporting documentation for extraordinary claims.
Data breach impacts customer privacy
All affected customers will also receive three years of security monitoring services. Despite the settlement, many customers are still concerned about the safety of their genetic data. Cybersecurity experts recommend that customers review 23andMe’s privacy policies and consider deleting their accounts.
Genetic information reveals a lot about an individual’s and their family’s health. If this information falls into the wrong hands, it could be misused. For example, drugmakers could use the information to tailor advertising based on predispositions to certain conditions.
While there are legal protections in place, such as the Genetic Information Nondiscrimination Act, there are still concerns about the potential misuse of genetic data. Jason Kelley, activism director at the Electronic Frontier Foundation, warned that a nefarious third party could use the information to gain intelligence about groups of people and potentially individuals. To delete their genetic information, customers can initiate the process from their account settings on 23andMe’s website.
However, if they previously consented to sharing data for research purposes, they cannot retract data already shared. 23andMe’s stock has been trading at a low price, closing at 29 cents on Monday. The company faces an uncertain future, and customers are urged to think carefully about sharing their genetic data.