Major U.S. genetic testing provider 23andMe has updated its Terms of Use in a bid to prevent data breach lawsuits, many of which have emerged following a credential stuffing attack in October that was initially reported to impact 4.1 million UK residents and 1 million Ashkenazi Jews before being expanded to affect 6.9 million individuals, BleepingComputer reports.
Under the updated user agreement, all disputes are subject to an arbitration requirement.
"These terms of service contain a mandatory arbitration of disputes provision that requires the use of arbitration on an individual basis to resolve disputes in certain circumstances, rather than jury trials or class action lawsuits," according to the new Terms of Use.
Users who state their disagreement with the new terms within 30 days of receiving the email notification will remain subject to the previous Terms of Service.
Without much proof of reasonable notice for new term opt-outs, 23andMe is unlikely to defend itself from additional breach lawsuits, said Chicago-Kent College of Law professor Nancy Kim.