23andMe to pay $30 million in genetics data breach settlement
DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023. [...]
Lawsuits can clarify how cybersecurity failures, breach evidence, and data-protection duties affect liability and organizational risk.
Search across headline titles and summaries.
Background for this topic.
A lawsuit is a court proceeding in which one party seeks a legal remedy from another. In information security, cases may allege inadequate protection of personal data, unauthorized access or use of systems, misuse of intellectual property, breach of a security contract, or failure to meet privacy obligations. A lawsuit is distinct from regulatory enforcement, although the same incident can lead to both.
For security practitioners, litigation can make operational records and technical evidence important. Organizations may need to preserve logs, alerts, system images, tickets, configurations, policies, and incident timelines in a reliable, access-controlled form; altering or routinely deleting relevant data can undermine fact-finding. Claims may also examine whether safeguards, vulnerability remediation, access controls, breach decisions, privacy disclosures, and supplier oversight matched documented risks and contractual duties. Clear control ownership and contemporaneous incident records therefore support both defense and accurate accountability, subject to applicable legal requirements.
DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023. [...]
Would paying a ransom - or better security - have been cheaper and safer? A US healthcare giant will pay out $65 million to settle a class-action lawsuit brought by its own patients after ransomware crooks stole their data – including their nude photographs – and published at least some of them online.…
'We Don't Know How It's All Going to Shake Out,' Says CFO, 6 Weeks Post-OutageCybersecurity firm CrowdStrike has yet to see any lawsuits get filed against it by customers, following its July 19 faulty software update crashing systems worldwide. Does that speak to the company having run a well-executed crisis management strategy?