The genetic data testing company 23andMe was the target of a hack aimed at users with Ashkenazi Jewish ancestry. (Wikimedia)

(JTA) — The genetic testing company 23andMe has agreed to pay $30 million to American plaintiffs to settle a lawsuit over a data breach last year that specifically targeted customers of Ashkenazi Jewish and Chinese ancestry.

The breach, which occurred last October, affected more than 6.9 million customers and included users’ personal details such as their location, name and birthdate, as well as some information about their family trees. That data was shared on BreachForums, an online forum used by cybercriminals.

According to court documents, the data breach was revealed Oct. 6 after a hacker going by the pseudonym “Golem,” a reference to the Jewish mythical defender made of clay, published a link to a database labeled “ashkenazi DNA Data of Celebrities.” According to the lawsuit, the hacker referred to the list as “the most valuable data you’ll ever see,” though most of the names were not famous.

Forwarding the News

Thoughtful, balanced reporting from the Forward and around the web, bringing you updated news and analysis each day.

Terms(Required)

I agree to the Forward's Terms of Service and Privacy Policy

Email(Required)

In total, 999,998 individuals with Ashkenazi heritage were included on the list, which also contained data from another 100,000 people with Chinese ancestry. “Golem” also claimed to possess the data of 350,000 users with Chinese heritage and offered to sell data from both sets of information for a fee.

According to the complaint, 23andMe did not disclose the full extent of the breach to its customers until December, when the company stated that the hackers were able to access the large number of accounts by initially hacking a smaller number of accounts, and then gaining access to information from other accounts through the site’s “Family Tree” and “DNA Relatives” features.

Complainants alleged in court documents that in addition to their data being stolen, 23andMe misrepresented how secure its users’ data was. They alleged that the data “is now in the hands of cybercriminals and is readily available to download by anyone with access to the hacking forum.”

In a statement to the Jewish Telegraphic Agency, 23andMe said, “We continue to believe this settlement is in the best interest of 23andMe customers, and we look forward to finalizing the agreement.”

The Forward is free to read, but it isn’t free to produce

I hope you appreciated this article. Before you go, I’d like to ask you to please support the Forward.

Now more than ever, American Jews need independent news they can trust, with reporting driven by truth, not ideology. We serve you, not any ideological agenda.

At a time when other newsrooms are closing or cutting back, the Forward has removed its paywall and invested additional resources to report on the ground from Israel and around the U.S. on the impact of the war, rising antisemitism and polarized discourse.

Readers like you make it all possible. We’re in the middle of our Passover Fundraising Drive, and we have a very ambitious goal of $127,000 by April 21.

This is a great time to support independent Jewish journalism you rely on. Make a Passover gift today!

—  Rachel Fishman Feddersen, Publisher and CEO

Make a Passover Gift Today!

$90 $180

$360

Other amount