Which company that we've talked about is now settling for a huge amount of money?

The question this time: What major company that we’ve talked about through TSB’s lifetime has now decided to pay a large settlement?

This company has been talked about as recently as 2023, and as far as I’m concerned, the money is only the beginning.

We have searches as one term and three, mainly because I did not look to see how it was written until later on.

Have you guys guessed the answer yet?

If you’ve guessed 23andMe, you’re right!

23andMe

From the article and thoughts

DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023.

The proposed class action settlement, filed Thursday in a San Francisco federal court and awaiting judicial approval, includes cash payments for affected customers, which will be distributed within ten days of final approval.

23andMe has also agreed to strengthen its security protocols, including protections against credential-stuffing attacks, mandatory two-factor authentication for all users, and annual cybersecurity audits.

We know that they had little to no security, yet they deny anything took place. Read this paragraph if you don’t believe me. It says:

“23andMe denies the claims and allegations set forth in the Complaint, denies that it failed to properly protect the Personal Information of its consumers and users, and further denies the viability of Settlement Class Representatives’ claims for statutory damages,” the company said in the filed preliminary settlement.

As written in many of these types of settlements,

“23andMe denies any wrongdoing whatsoever, and this Agreement shall in no event be construed or deemed to be evidence of or an admission or concession on the part of 23andMe with respect to any claim of any fault or liability or wrongdoing or damage whatsoever.”

About the breach

In October 2023, 23andMe revealed that unauthorized access to customer profiles occurred through compromised accounts. Hackers exploited credentials stolen from other breaches to access 23andMe accounts.

After discovering the breach, the company implemented measures to block similar incidents, including requiring customers to reset passwords and enabling two-factor authentication by default starting in November.

Starting in October, threat actors leaked data profiles belonging to 4.1 million individuals in the United Kingdom and 1 million Ashkenazi Jews on the unofficial 23andMe subreddit and hacking forums like BreachForums.

23andMe told BleepingComputer in December that data for 6.9 million customers, including information on 6.4 million U.S. residents, was downloaded in the breach.

In January, the company also confirmed that attackers stole health reports and raw genotype data over a five-month credential-stuffing attack from April to September.

The data breach led to multiple class-action lawsuits, prompting 23andMe to amend its Terms of Use in November 2023, a move criticized by customers. The company later clarified that the changes aimed to simplify the arbitration process.

Here’s what coverage we have, including podcasts.

The article this time

So what’s the article titled so we can read the entire story? Great question! “23andMe to pay $30 million in genetics data breach settlement” is the article. Have fun trying to deny the fact you fucked up! Maybe this will teach you to be more secure in the future, don’t you think?
