178 views 38 secs 0 comments

23andMe updates user agreement to prevent data breach lawsuits

In Data Breach News
December 09, 2023

You have a massive data breach from a credential stuffing attack that affects millions of users’ sensitive genetic information, and then you change your terms of service to make it harder for people to sue you in the event of a data breach? How will that go over with the public and potential users? Bleeping Computer reports:

The breach has led to numerous lawsuits against the company, causing 23andMe to update its Terms of Use on November 30th to contain a provision stating that mandatory arbitration is required for all disputes, rather than jury trials or class action lawsuits.

“These terms of service contain a mandatory arbitration of disputes provision that requires the use of arbitration on an individual basis to resolve disputes in certain circumstances, rather than jury trials or class action lawsuits,” reads the updated Terms of Use.

Emails sent to customers about this change state that users have up to 30 days of receiving the email notification to notify 23andMe at legal@23andme.com that they disagree with the new terms.

Those who send an email disputing the update will remain on the previous Terms of Service.

Read more at Bleeping Computer.