Latest news with #CyberSecurityIncident
Yahoo
10-07-2025
- Business
- Yahoo
23andMe users have until July 14 to file a claim in the DNA company's bankruptcy case. Here's how to do it.
Customers of the genetic testing company 23andMe have until July 14 to file a claim as part of a restructuring in its bankruptcy case. In filing a claim, eligible customers can seek compensation for suffering financial or other damages due to a 2023 cyberattack that compromised the sensitive personal information of nearly 7 million users. The direct-to-consumer company has customers submit a saliva sample for their DNA to be analyzed for ancestry purposes, family traits or health risks. 23andMe disclosed the data breach in October 2023, acknowledging that it had exposed users' personal information, including names, relationship labels, ancestry reports and percentage of DNA shared with relatives. This resulted in multiple class-action lawsuits. The DNA testing company filed for Chapter 11 bankruptcy protection in the U.S. in March due to low demand for its ancestry kits in the fallout of the breach. 23andMe alerted customers of the July 14 claim deadline back in May, which was set by the U.S. Bankruptcy Court for the Eastern District of Missouri. There are two types of claims that current and former 23andMe customers can file to receive money back: One is related to cybersecurity (Cyber Security Incident Claim), the other is not cybersecurity-related (General Bar Date Package). Eligible customers can submit either claim by following the instructions on this website. The deadline to file both types of claims is Monday, July 14, 2025. If it's submitted electronically, the deadline is at 11:59 p.m. CT; if it's submitted by hard copy, the deadline is 4:59 p.m. CT. Cyber Security Incident Claim 23andMe customers who are eligible to submit the Cyber Security Incident Claim electronically or via postal mail have to meet the following criteria: They were a customer of 23andMe between May 1, 2023, and Oct. 1, 2023. They received a notice that their personal information was compromised in the 2023 data breach. The customer 'incurred monetary damages or non-monetary damages' related to the cybersecurity incident. General Bar Date Package For 23andMe customers who believe they have a claim against the company's services, but it isn't cybersecurity-related, they should file a claim electronically or via postal mail under the General Bar Date Package. This could be related to non-cybersecurity issues, like problems with a customer's DNA results or telehealth services. If a 23andMe customer has questions about the claims process, more information can be found here. Customers can also email 23andMeInfo@ or call (888) 367-7556. No. A Chapter 11 bankruptcy filing means the company is restructuring, instead of liquidating its assets. 23andMe announced at the end of June that it has found a buyer, TTAM Research Institute, which is a nonprofit led by 23andMe cofounder and former CEO Anne Wojcicki. 'The transaction remains subject to Bankruptcy Court approval and customary closing conditions,' the company says. The access that current 23andMe customers have remains unchanged. 'There are no changes to how we store, manage or protect customer data,' according to 23andMe. After filing for Chapter 11 bankruptcy, 23andMe received permission from a judge to sell its most valuable asset — customers' DNA data. 'TTAM has affirmed its commitment to comply with 23andMe's privacy policy and applicable law with respect to treatment of customer data,' the company says, acknowledging the potential sale to TTAM Research Institute. A customer's 23andMe DNA data is not protected under the Health Insurance Portability and Accountability Act, known as HIPAA, which is a law that protects a person's private health information from being shared without the person's knowledge or consent. HIPAA only protects that type of information when it's provided to an entity like a hospital system, physician health plans or billing companies that conduct business with them. 23andMe is not subject to HIPAA regulations because it's a direct-to-consumer company outside of the health care realm. The person is treated as a consumer rather than a patient. The company noted in their FAQ for customers that there's an option for them to delete their data and account. Here's how users can delete their account and personal information: Log into your 23andMe account and go to the 'Settings' section of your profile Scroll to a section labeled '23andMe Data' at the bottom of the page Click 'View' next to '23andMe Data' Scroll to the 'Delete Data' section Click 'Permanently Delete Data' Confirm your request: You'll receive an email from 23andMe; follow the link in the email to confirm your deletion request "If a customer opted in to 23andMe Research, their Personal Information will no longer be used in any future research projects," a 23andMe spokesperson told CNET. "Please note, data cannot be removed from research that's already been conducted."
Yahoo
27-03-2025
- Business
- Yahoo
23andMe CRO details data breach's role in bankruptcy
This story was originally published on CFO Dive. To receive daily news and insights, subscribe to our free daily CFO Dive newsletter. The drivers behind the once-highflying 23andMe's path to bankruptcy are myriad, with the chief restructuring officer partly pinning its financial woes on rising inflation, falling demand coupled with increased competition in the genetic testing kit space, and the 'one-time' nature of its sales, in a Monday court filing. At the same time, the fallout from a 2023 data breach which led to government investigations, lawsuits, and looming liabilities also played a pivotal role in the company's decline, according to a Monday first declaration filing from CRO Matthew Kvarda, a managing director at Alvarez & Marsal North America who has served as interim CFO of distressed and non-distressed companies, including Revlon. Ultimately, despite drawing interest from buyers, the company decided to file for Chapter 11 bankruptcy protection Sunday given 'its limited cash and operating cash burn, as well as the uncertainty surrounding the scope and extent of liabilities arising from the Cyber Security Incident, commencing these cases to stabilize the business and monetize its assets on a 'free and clear' basis through a chapter 11 plan or sale pursuant to section 363 of the Bankruptcy Code, provided the best path to maximize value for the benefit of the Company's stakeholders,' according to the declaration. In a Monday press release, the company said it was seeking the bankruptcy court's approval to sell 'substantially all its assets' and use up to $35 million in debtor-in-possession financing from JMB Capital Partners along with cash generated from the business to keep operating. It also announced new leadership, picking CFO Joe Selsavage to take on the added role of interim CEO in the wake of co-founder Anne Wojcicki resigning as CEO while staying on the board, effectively immediately. Data management issues have continued to dog 23andMe after its bankrupcty filing: the website's login portal went down Monday evening as many customers rushed to delete their genetic data, with concerns fueled by the memory of a 'password hack' in 2023 that exposed 6.9 million people's information, The Wall Street Journal reported. At the same time, the company asserted in its Monday release that it would not change the way the company 'stores, manages or protects customer data.' In Kvarda's filing, the 2023 incident is described briefly. It notes that on Oct. 1, 2023 a 'threat actor' posted a claim online that it had 23and ME users' profile information. After learning of the incident, the company initially determined the actor was only able to access 0.1% of user accounts, 'in instances where usernames and passwords that were used on the company website were the same as those used on other websites that had been previously comprised or were otherwise available.' The company ultimately determined that personal information related to about 7 million customers was accessed, according to the filing. The legal fallout from the incident has included multiple legal actions threatened or filed in U.S. federal and state courts, Canada and the United Kingdom as well as 'various domestic and foreign governmental investigations,' according to the filing. The company said Monday that it wants to use the bankruptcy proceedings to resolve all outstanding legal liabilities stemming from the October cyber incident. Sign in to access your portfolio
