Industry - Data Breach
Executive Summary
The bankruptcy plan administrator for 23andMe agreed to pay $46.75 million to settle claims from a 2023 data breach that exposed genetic information of approximately 6.9 million customers, with cyber insurance policies covering about $13 million of the payout. The breach, which lasted five months beginning in April 2023, compromised DNA Relatives profiles and Family Tree data through unauthorized account access. Individual settlement payments range from $50 to $10,000, with over 255,000 claim...
What Happened
In 2023, hackers gained unauthorized access to 23andMe customer accounts over a five-month period beginning in April, compromising genetic data for approximately 6.9 million users out of 14.1 million in the database. The breach exposed 5.5 million DNA Relatives profiles and 1.4 million Family Tree profiles containing sensitive genetic information. In June 2026, the bankruptcy plan administrator for the company (now operating as Chrome Holding Co.) agreed to pay $46.75 million to settle class-action claims, with cyber insurance covering about $13 million of that total.
Who Is Affected
Approximately 6.9 million customers who used 23andMe's DNA Relatives or Family Tree features had their genetic profiles and related personal information exposed. Over 255,000 victims filed claims and will receive settlement payments ranging from $50 to $10,000 depending on their circumstances. The breach primarily affected U.S. customers, though the genetic testing service had an international user base.
Why It Matters
This represents one of the largest consumer genetics data breaches on record, exposing irreplaceable biometric information that cannot be changed like passwords or credit cards. The five-month duration of unauthorized access and the company's subsequent bankruptcy highlight systemic security failures in handling highly sensitive genetic data. The settlement establishes important precedent for corporate liability when genomic information is compromised, though the relatively modest per-person payments may not reflect the permanent nature of genetic data exposure.
What You Should Do
If you were a 23andMe customer during or before 2023, verify whether you filed a claim and monitor the settlement process through the court-appointed administrator Kroll. Enable multi-factor authentication on any remaining genetic testing accounts and consider freezing your credit with major bureaus to protect against identity theft. Review your financial accounts and credit reports regularly for suspicious activity, as genetic data combined with other personal information increases fraud risk.
Summary generated from verified sources and reviewed before publication. How we summarize.
Sources
- 23andMe data breach victims get $46.75 mn settlement - Beinsure
- Paylogix data breach exposes sensitive employee and client information in ransomware attack - teiss
- Legal Services of Long Island Data Breach Exposes Sensitive Personal and Health Information - Claim Depot
- Nigeria enrolls 4,000 government staff in data privacy training - Africa Business Communities
- Nigeria Strengthens Data Privacy Capacity with 4,000 NIMC Staff Training - TechAfrica News