Skip To Content
JEWISH. INDEPENDENT. NONPROFIT.
Fast Forward

23andMe agrees to $30M settlement over data breach that targeted Jewish and Chinese users

The data was first stolen by a hacker nicknamed “Golem,” after the Jewish mythical defender made of clay

(JTA) — The genetic testing company 23andMe has agreed to pay $30 million to American plaintiffs to settle a lawsuit over a data breach last year that specifically targeted customers of Ashkenazi Jewish and Chinese ancestry.

The breach, which occurred last October, affected more than 6.9 million customers and included users’ personal details such as their location, name and birthdate, as well as some information about their family trees. That data was shared on BreachForums, an online forum used by cybercriminals.

According to court documents, the data breach was revealed Oct. 6 after a hacker going by the pseudonym “Golem,” a reference to the Jewish mythical defender made of clay, published a link to a database labeled “ashkenazi DNA Data of Celebrities.” According to the lawsuit, the hacker referred to the list as “the most valuable data you’ll ever see,” though most of the names were not famous.

In total, 999,998 individuals with Ashkenazi heritage were included on the list, which also contained data from another 100,000 people with Chinese ancestry. “Golem” also claimed to possess the data of 350,000 users with Chinese heritage and offered to sell data from both sets of information for a fee.

According to the complaint, 23andMe did not disclose the full extent of the breach to its customers until December, when the company stated that the hackers were able to access the large number of accounts by initially hacking a smaller number of accounts, and then gaining access to information from other accounts through the site’s “Family Tree” and “DNA Relatives” features.

Complainants alleged in court documents that in addition to their data being stolen, 23andMe misrepresented how secure its users’ data was. They alleged that the data “is now in the hands of cybercriminals and is readily available to download by anyone with access to the hacking forum.”

In a statement to the Jewish Telegraphic Agency, 23andMe said, “We continue to believe this settlement is in the best interest of 23andMe customers, and we look forward to finalizing the agreement.”

A message from our CEO & publisher Rachel Fishman Feddersen

I hope you appreciated this article. Before you go, I’d like to ask you to please support the Forward’s award-winning, nonprofit journalism during this critical time.

At a time when other newsrooms are closing or cutting back, the Forward has removed its paywall and invested additional resources to report on the ground from Israel and around the U.S. on the impact of the war, rising antisemitism and polarized discourse..

Readers like you make it all possible. Support our work by becoming a Forward Member and connect with our journalism and your community.

—  Rachel Fishman Feddersen, Publisher and CEO

Join our mission to tell the Jewish story fully and fairly.

Republish This Story

Please read before republishing

We’re happy to make this story available to republish for free, unless it originated with JTA, Haaretz or another publication (as indicated on the article) and as long as you follow our guidelines. You must credit the Forward, retain our pixel and preserve our canonical link in Google search.  See our full guidelines for more information, and this guide for detail about canonical URLs.

To republish, copy the HTML by clicking on the yellow button to the right; it includes our tracking pixel, all paragraph styles and hyperlinks, the author byline and credit to the Forward. It does not include images; to avoid copyright violations, you must add them manually, following our guidelines. Please email us at [email protected], subject line “republish,” with any questions or to let us know what stories you’re picking up.

We don't support Internet Explorer

Please use Chrome, Safari, Firefox, or Edge to view this site.