- ITDM 2025 전망 | “비전을 품은 기술 투자, 모두가 주춤한 시기에 진가 발휘할 것” 컬리 박성철 본부장
- 최형광 칼럼 | 2025 CES @혁신기술 리터러시
- The Model Context Protocol: Simplifying Building AI apps with Anthropic Claude Desktop and Docker | Docker
- This robot vacuum and mop performs as well as some flagship models - but at half the price
- Finally, a ThinkPad model that checks all the boxes for me as a working professional
23andMe Agrees to $30m Data Breach Settlement
Biotech firm 23andMe has agreed to pay tens of millions of dollars to the victims of a major data breach in 2023.
Over six million individuals’ information was accessed via the data breach, including a significant number of files containing info about users’ ancestry.
The firm has also agreed to bolster its security in the wake of the incident, including mandatory multi-factor authentication (MFA), protection against credential stuffing and annual audits.
However, the settlement is in no way an admission of any guilt.
“23andMe denies any wrongdoing whatsoever, and this agreement shall in no event be construed or deemed to be evidence of or an admission or concession on the part of 23andMe with respect to any claim of any fault or liability or wrongdoing or damage whatsoever,” the company stated in the settlement agreement.
Read more on 23andMe: DNA Tester 23andMe Hit By Credential Stuffing Campaign
It was revealed that hackers originally gained access to a small number of user accounts via previously compromised credentials, because these accounts were not protected by MFA. They were subsequently able to scrape data from additional users who had registered with the DNA Relatives feature.
The firm’s lawyers have always argued vehemently that the fault was with negligent users, even though the majority of customers who were breached were caught up in the incident through no fault of their own – because they’d opted in to DNA Relatives.
They also argued that the compromised data couldn’t be used to cause “pecuniary harm” as it didn’t include users’ social security number, driver’s license number or any payment details.
In the end, data on an estimated 6.9 million customers, including 6.4 million US residents, was compromised in the attack.
In October 2023, threat actors claimed to be selling genetic profile data for millions of British and Ashkenazi Jewish people.
Image credit: Michael Vi / Shutterstock.com