23andMe (NASDAQ:ME) disclosed in an SEC filing that it was facing multiple class action claims related to a major hacking incident last fall and plans to take a fiscal Q4 charge of up to $2M related to the incident.
In a filing made Friday, 23andMe said it plans to take a one-time charge of $1M to $2M due to the incident. The charge would consist of expenses for technology consulting services, legal fees and third-party advisors.
The DNA testing company also said it believes direct or indirect impacts from the breach could negatively affect its financial results for the fiscal year ended March 31, 2024.
23andMe also said that as a result of the hacking incident, multiple class action claims have been filed against the company in federal and state court in California and Illinois, and in courts in Ontario and British Columbia, Canada. It added the lawsuits were at the early stage and that it “couldn’t predict the outcome.”
The company also said it was “assessing” its response to notices filed by consumers under California’s Consumer Privacy Act, along with “inquiries from various government officials and agencies.”
“The full scope of the costs and related impacts of this incident and related litigation, including, without limitation, the availability of insurance to offset some of these costs, cannot be estimated at this time,” the company added.
In related news, TechCrunch reported that 23andMe confirmed the data breach impacted around 6.9M of its users.