23andMe May Owe You Some Money
Data leaks are an unfortunate but common occurrence these days. A couple of months ago, we learned of a leak of 2.9 billion data records , including users’ Social Security numbers. 23andme suffered a data breach of its own last year, but a lot has changed in a year: while they can’t reveal your data, they can pay you. Most payouts will likely be small, but for some victims the piece of the pie will be significant.
What happened to 23andme?
Last October , 23andme announced that they were under attack . The attacker used a tactic called “credential stuffing,” in which he was able to gain access to 23andme accounts by using user credentials from other compromised accounts. (By the way, this highlights the importance of using a unique password for each of your accounts.)
Thanks to this credential entry, this actor was able to obtain information from DNA Relatives , since this feature is based on sharing data with other users that you are genetically related to. This includes information such as the user’s display name, predicted relationships, and the percentage of DNA the user has shared with their matches. It also includes a range of additional data if the user has agreed to share it, such as location, profile picture, year of birth and a link to their family tree. Regarding the last point, a number of user data were compromised using the Family Tree feature.
Due to the way the actor attacked the site, 23andme does not believe that any internal networks were actually compromised. However, this resulted in approximately 14,000 users having their accounts compromised via credential stuffing, which, due to the way the features work, leads hackers to 6.9 million account details (5.5 million from DNA Relatives and 1.4 million from Family Tree). ).
Following the settlement, 23andme agreed to pay $30 million to affected users. If you take it at face value, that works out to about $4.35 per user. However, actual payouts could be much higher.
How much money does 23andme offer users?
Short answer? It depends. According to CNET , users with an “extraordinary claim” can receive up to $10,000. To be eligible, you will need to prove that the data breach had a significant impact on your life that resulted in costs on your part, such as through identity fraud or fraudulent tax returns.
If your personal health information is leaked, 23andme may owe you up to $100. If you live in Alaska, California, Illinois or Oregon, you can also receive up to $100, as these states have specific laws governing genetic privacy.
How to join a 23andme lawsuit
If you have been affected by a data breach, you will likely be contacted directly about your claim, either by email or regular mail. This form may have instructions for filing your claim, but there are also resources online for filing a claim for your share of the settlement.
For example, Potter Handy, LLP can help you if you live in Illinois . If you live in the UK, you can use Join a Claim : if you confirm that you have been contacted about your eligibility to join a claim, the site will connect you with the UK firm.