23andMe Data Breach Settlement Approved
A Missouri bankruptcy court administrator has signed off on a deal that gives millions of victims of a 2023 data breach at 23andMe a cut of a $46.8 million settlement fund. About 7 million customers of the genetics testing company had their data stolen by hackers starting in April 2023, and many had their information posted on the dark web.
Settlement Fund Allocation
Victims will be allotted $32.5 million, while more than $14 million of the fund is being used to pay Kroll, the settlement and claims administrator in the case. The plaintiffs had sought $48 billion in damages, but the administrator determined that the lower amount should be levied given that the district court found a $30 million prepetition settlement would be “reasonable in light of the Company’s dire financial condition,” according to court documents.
Even before the breach, 23andMe was in poor financial health, having seemingly already tapped the market of those interested in using its at-home, saliva-based DNA tests. The plan administrator also decided on the smaller settlement because litigating the larger amount would “expose the estates to protracted, high-stakes litigation lasting months, if not years, requiring extensive discovery and the expenditure of millions of dollars in professional fees and related costs — resources that would be far better preserved for the benefit of stakeholders,” according to court documents.
Claims Resolution and Damages
Nearly 256,000 claims have been resolved, court documents say. Class members will recoup damages depending on the severity of the individual harms caused by the breach, with awards of up to $10,000 for the most serious claims and as little as $50 for minor ones.
After announcing the hack in October 2023, the company said the malicious actor obtained DNA Relatives profiles for about 5.5 million consumers. Data for another 14.1 million customers who used a product called Family Tree also was accessed.
23andMe Bankruptcy and Rebirth
In March 2025, 23andMe, now named Chrome Holding Co., filed for bankruptcy and liquidated most of its assets. Anne Wojcicki, who founded the beleaguered firm, bought it back amid controversy.
The settlement brings closure to the victims of the 2023 data breach, but it also highlights the importance of cybersecurity and data protection in the genetics testing industry. As the use of genetic data becomes more widespread, companies like 23andMe must prioritize the security and privacy of their customers’ sensitive information.
The case serves as a reminder that data breaches can have severe consequences, not only for the individuals affected but also for the companies responsible for protecting their data. In this case, the breach led to a significant financial burden for 23andMe, ultimately contributing to its bankruptcy and rebirth under new ownership.
In the end, the settlement fund provides some measure of relief for the victims of the breach, but it also underscores the need for greater accountability and transparency in the genetics testing industry. As the industry continues to evolve, it is essential that companies prioritize cybersecurity and data protection to prevent similar breaches from occurring in the future.
The 23andMe data breach settlement is a significant development in the ongoing conversation about data protection and cybersecurity in the genetics testing industry. It highlights the importance of responsible data handling practices and the need for companies to prioritize the security and privacy of their customers’ sensitive information.
As the industry moves forward, it is crucial that companies like 23andMe learn from their mistakes and implement robust cybersecurity measures to prevent similar breaches from occurring. The settlement fund provides a measure of closure for the victims, but it also serves as a reminder of the ongoing need for vigilance and accountability in the genetics testing industry.
Conclusion
In conclusion, the 23andMe data breach settlement is a significant development in the ongoing conversation about data protection and cybersecurity in the genetics testing industry. The settlement fund provides some measure of relief for the victims, but it also highlights the importance of responsible data handling practices and the need for companies to prioritize the security and privacy of their customers’ sensitive information.
The case serves as a reminder that data breaches can have severe consequences, not only for the individuals affected but also for the companies responsible for protecting their data. As the industry continues to evolve, it is essential that companies prioritize cybersecurity and data protection to prevent similar breaches from occurring in the future.
Ultimately, the 23andMe data breach settlement is a step towards accountability and transparency in the genetics testing industry. It highlights the importance of responsible data handling practices and the need for companies to prioritize the security and privacy of their customers’ sensitive information. As the industry moves forward, it is crucial that companies learn from their mistakes and implement robust cybersecurity measures to prevent similar breaches from occurring.
Source: The Record