The genetic data testing company 23andMe was the target of a hack aimed at users with Ashkenazi Jewish ancestry. (Wikimedia)

(JTA) — The genetic testing company 23andMe has agreed to pay $30 million to American plaintiffs to settle a lawsuit over a data breach last year that specifically targeted customers of Ashkenazi Jewish and Chinese ancestry.

The breach, which occurred last October, affected more than 6.9 million customers and included users’ personal details such as their location, name and birthdate, as well as some information about their family trees. That data was shared on BreachForums, an online forum used by cybercriminals.

According to court documents, the data breach was revealed Oct. 6 after a hacker going by the pseudonym “Golem,” a reference to the Jewish mythical defender made of clay, published a link to a database labeled “ashkenazi DNA Data of Celebrities.” According to the lawsuit, the hacker referred to the list as “the most valuable data you’ll ever see,” though most of the names were not famous.

Forwarding the News

Thoughtful, balanced reporting from the Forward and around the web, bringing you updated news and analysis of the crisis each day.

Terms(Required)

I agree to the Forward's Terms of Service and Privacy Policy

Email(Required)

In total, 999,998 individuals with Ashkenazi heritage were included on the list, which also contained data from another 100,000 people with Chinese ancestry. “Golem” also claimed to possess the data of 350,000 users with Chinese heritage and offered to sell data from both sets of information for a fee.

According to the complaint, 23andMe did not disclose the full extent of the breach to its customers until December, when the company stated that the hackers were able to access the large number of accounts by initially hacking a smaller number of accounts, and then gaining access to information from other accounts through the site’s “Family Tree” and “DNA Relatives” features.

Complainants alleged in court documents that in addition to their data being stolen, 23andMe misrepresented how secure its users’ data was. They alleged that the data “is now in the hands of cybercriminals and is readily available to download by anyone with access to the hacking forum.”

In a statement to the Jewish Telegraphic Agency, 23andMe said, “We continue to believe this settlement is in the best interest of 23andMe customers, and we look forward to finalizing the agreement.”

A message from our CEO & publisher Rachel Fishman Feddersen

I hope you appreciated this article. Before you move on, I wanted to ask you to support the Forward’s award-winning journalism during our High Holiday Monthly Donor Drive.

This year, we have stood together in strength and sorrow. Our Forward team has worked around the clock to help you find clarity amid the chaos.

If you’ve turned to the Forward in the past 12 months to better understand the world around you, we hope you will support us with a gift now. Your support has a direct impact, giving us the resources we need to report from Israel and around the U.S., across college campuses, and wherever there is news of importance to American Jews.

Make a monthly or one-time gift and support Jewish journalism throughout 5785. The first six months of your monthly gift will be matched for twice the investment in independent Jewish journalism. 

—  Rachel Fishman Feddersen, Publisher and CEO

Join our mission to tell the Jewish story fully and fairly.

$36 $500

$120 $180 Other amount