MyHeritage to pay 400,000 ILS in Damages Resulting from a Data Breach

The District Court in Tel Aviv approved a 400,000 ILS settlement agreement with MyHeritage, the genealogy platform operator, in a class action lawsuit that accused the company of deficient data safeguards that led to a data breach. The company will also give consumers free access to use its Deep Nostalgia service, valued at a total of 1,085,915 ILS.

The data breach unfolded in October 2017, and according to a court-appointed expert, compromised email addresses, registration dates, and encrypted passwords of platform users. Around three-quarters of a million Israeli data subjects were affected by the breach. As per the court-appointed expert, MyHeritage fell victim to an elaborate cyber-attack by a group of hackers. Only after the breach did the company implement some of the information security controls customary in the industry.

The court decision rejected the company’s assertion that email addresses do not meet the definition of “Information” or “sensitive information” under Section 7 of the Israeli Privacy Protection Law. According to the court, an email address may be used to infer additional information about the data subject, potentially revealing details about their personality, profession or occupation, organizational, institutional, or political affiliation, religious beliefs, and more.

Click here to read the court decision in Franji v. MyHeritage Ltd. (in Hebrew).