23andMe Data Breach Settlement Approved as Court Clears $46.75 Million Payout for Victims
Share

The 23andMe Data Breach Settlement has moved a step closer to compensating millions of affected customers after a U.S. bankruptcy judge approved a $46.75 million payout for victims of the company’s 2023 cyber incident. The breach exposed sensitive genetic information and personal data belonging to nearly 6.9 million users, making it one of the most significant privacy incidents involving a consumer DNA testing company in recent years. The ruling comes as 23andMe continues to deal with legal challenges, bankruptcy proceedings, and regulatory scrutiny over its handling of customer information.
Key Points
- A U.S. bankruptcy judge approved a $46.75 million settlement for victims of the 2023 23andMe data breach.
- The breach exposed sensitive data belonging to approximately 6.9 million customers.
- Around $14.29 million has already been distributed to affected users.
- The newly approved payout adds another $32.46 million for compensation claims.
- California regulators continue to pursue legal action against the company.
- The company previously filed for bankruptcy citing the breach, litigation costs, and declining business demand.
Court Approves Settlement for Millions of Customers
The settlement received approval from U.S. Bankruptcy Judge Brian Walsh in St. Louis, who described the agreement as fair and equitable for customers affected by the data breach. The payout will be administered through a trust supervised by the company’s bankruptcy administrator.
While the settlement amount totals $46.75 million, approximately $14.29 million had already been paid out through previous arrangements related to the incident. This means the latest approval unlocks an additional $32.46 million for eligible claimants.
What Happened in the 23andMe Data Breach?
The cyberattack, disclosed in 2023, exposed a large volume of customer information stored by the genetic testing company. The compromised data reportedly included names, profile details, ancestry information, and in some cases, genetic data linked to users’ DNA testing results. The scale and sensitivity of the exposed information raised serious concerns among privacy experts and regulators.
Unlike traditional breaches involving passwords or payment information, the exposure of genetic information carries long-term privacy implications because DNA data cannot be changed or replaced once compromised.
Data Breach Added to 23andMe’s Financial Problems
The fallout from the cyberattack extended beyond legal claims. 23andMe filed for Chapter 11 bankruptcy protection in March 2025, citing mounting litigation expenses related to the breach, increasing competition in the consumer genetics market, and declining demand for DNA testing kits.
In July 2025, the company’s assets were acquired for $305 million by TTAM Research Institute, a nonprofit organization controlled by 23andMe co-founder and former CEO Anne Wojcicki.
California Continues Legal Action
The settlement does not end all legal troubles for the company. Rob Bonta, the Attorney General of California, has filed a separate lawsuit accusing the company of ignoring warnings about vulnerabilities in its systems and minimizing the seriousness of the breach after it became public.
The lawsuit seeks civil penalties that could amount to millions of dollars against Chrome Holding Co., the legal entity that now owns the 23andMe business operations. Bankruptcy court proceedings are still underway regarding whether the state’s case can proceed independently of the bankruptcy process.
To Sum Up
The approval of the $46.75 million settlement marks a major milestone for millions of customers affected by the 23andMe cyberattack. However, the broader legal and regulatory consequences for the company are far from over. With state investigations continuing and concerns over genetic privacy growing worldwide, the case is likely to shape future discussions around data protection standards for health and DNA testing companies.
FAQs
How much is the 23andMe data breach settlement worth?
The court approved a settlement worth $46.75 million for customers affected by the 2023 data breach.
How many customers were impacted by the breach?
Approximately 6.9 million customers had their data exposed during the incident.
What type of information was compromised?
The breach exposed personal profile information, ancestry details, and certain genetic data linked to customer DNA profiles.
How much money has already been paid to victims?
Around $14.29 million had already been distributed before the latest court approval.
Is 23andMe still facing legal action?
Yes. California regulators continue to pursue separate legal proceedings against the company over its handling of the breach.
Why is the 23andMe breach considered significant?
The breach involved genetic information, which is permanent and cannot be changed like passwords or credit card numbers, making it particularly sensitive from a privacy perspective.