23andMe Settles $30M Lawsuit Over Data Breach Targeting Jewish and Chinese Users

The breach exposed sensitive information of over 6.9 million customers, with hackers focusing on Ashkenazi Jewish and Chinese ancestry data.

The data breach, which occurred in October 2023, affected more than 6.9 million customers, revealing personal details like names, birthdates, and family trees.
Hacker 'Golem' leaked nearly 1 million profiles of Jewish users and claimed to possess data of 350,000 Chinese users, offering it for sale.
23andMe did not fully disclose the extent of the breach until December 2023, months after the initial hack.
The breach was attributed to credential stuffing, where hackers used recycled login credentials from previous breaches to access 23andMe accounts.
As part of the settlement, 23andMe will provide affected customers with a three-year security monitoring program, with $25 million of the settlement expected to be covered by cyber insurance.