NEW YORK – Ambry Genetics has settled a class action lawsuit over a breach of personal customer data that occurred in 2020.
According to the settlement agreement, filed Sept. 9 with the US District Court for the Central District of California, Ambry will pay $12.3 million into a settlement fund. Ambry, which is owned by Realm IDx, formerly Konica Minolta Precision Medicine, has also agreed to several business practice changes, including implementing additional security-related measures, enhanced policies and training for staff, enhanced restrictions to access personal health information, and other security measures.
The settlement does not include an admission of liability or wrongdoing by Ambry.
To date, Ambry has spent between $800,000 and $1.4 million on providing notice of the breach to class members, including offering certain credit monitoring services.
Including credit monitoring and identity theft insurance services, the parties valued the settlement as "likely to exceed $20 million."
The settlement follows a back-and-forth between plaintiffs and Ambry, where the complaint had been dismissed, amended, and refiled multiple times. The most recent, fourth amended complaint was filed in December 2021.
In April 2020, Ambry told customers that it had identified unauthorized access to an employee's email account in January of that year. The breach exposed customers' names, medical information, information related to their use of Ambry’s services, and, in some instances, Social Security numbers.
The plaintiffs — at least 24 individuals from at least 15 states — sued, alleging negligence, invasion of privacy, breach of contract, and violation of state privacy and business laws, among other claims.