The victims of a major 2023 data breach at a genetics testing firm are set to receive a significant payout after a California bankruptcy court ruling.
The court has ordered the company's new owner to compensate up to 6.9 million people whose personal information was exposed in the breach, which resulted in a $46.75m (£35m) payout.
The ruling marks the end of one of the most damaging data breaches in consumer technology and serves as a stark reminder of the importance of robust security measures for businesses.
The company in question filed for bankruptcy early last year after hackers gained access to around 14,000 user accounts, a small fraction of its total user base.
However, the damage did not stop there, as the platform's ability to connect users to their genetic relatives allowed hackers to access the profiles of those users' family members, giving them reach into millions of profiles hosted by the company.
The exposed data included comprehensive genetic profiles, including markers relating to health and family history, making the stolen information highly personal and impossible to change once exposed.
The fallout from the breach was significant, with the Information Commissioner's Office in the UK fining the company £2.31m for failing to secure sensitive user data.
Regulators in California also took action, with the state's Attorney General suing the company after an investigation found that it had failed to take basic steps to protect users' data and lied to consumers about the severity of the breach.
The ruling is a stark warning to smaller firms that even one security failure can have far-reaching consequences, including significant fines and reputational damage.
For entrepreneurs, the lesson is clear: customer data is a liability as well as an asset, and the bill for mishandling it can outlive the business itself.
The company in question continues to trade, selling DNA testing kits online under its new ownership, but the legacy of the breach will likely remain a long-lasting reminder of the importance of robust security measures.