Genetic testing company 23andMe updated its terms of service to prevent customers from filing class action lawsuits or participating in a jury trial against the company, days after disclosing that hackers had breached its system and accessed the personal information of nearly seven million customers (half of its user base) in October.
The company emailed customers to announce that it had revised the “Dispute Resolution and Arbitration section” of its terms, which barred customers from filing class action lawsuits, a likely scenario given the scale of the hack. Customers who did not opt out of the new terms within 30 days would automatically agree to them, the email said.
The hackers had accessed sensitive user information such as photos, full names, geographical locations, ancestry trees, and even names of related family members. The company claimed that no genetic material or DNA records were compromised. However, hackers posted profiles of hundreds of thousands of Ashkenazi Jews and Chinese people for sale on the internet after the breach.
The company admitted that “multiple class action claims” had already been filed against it in various courts. Experts told Axios that changing its terms would not protect 23andMe in court. The company’s new terms sparked outrage online, with users accusing it of being shady and trying to protect itself at the expense of its users.