23andMe Data Breach Victims Awarded $46.75 Million Settlement

23andMe Data Breach Victims Awarded $46.75 Million Settlement

First seen 8 Jul 2026, 20:52 UTC BbcFox13Newswww.bbc.co.uk 88% similarity 61.5

Article Content

Browse articles
ThreatCluster

A California bankruptcy court judge ruled that 23andMe must pay $46.75 million to victims of a 2023 data breach that exposed the personal information of approximately 6.9 million customers. The breach occurred when hackers used credential stuffing to access user accounts, compromising sensitive genetic and personal data. The ruling follows the company's bankruptcy filing in March 2025, attributed to ongoing litigation and declining demand for genetic testing. The settlement will be distributed by Kroll Restructuring, which represents the victims. The breach led to investigations and fines, including a £2.31 million penalty from the UK's Information Commissioner's Office for inadequate data protection measures. California Attorney General Rob Bonta is also pursuing a lawsuit against 23andMe for allegedly downplaying the breach's severity. The company continues to operate and offer DNA testing kits despite its financial troubles.

Key Points: • 23andMe ordered to pay $46.75 million to data breach victims. • Breach exposed sensitive data of approximately 6.9 million users. • California Attorney General pursuing further legal action against 23andMe.

ThreatCluster AI

Timeline

2023-10-01
Data breach at 23andMe occurs
Hackers accessed user accounts using credential stuffing, compromising sensitive genetic data of millions.
Fox13News
2025-03-01
23andMe files for bankruptcy
The company filed for bankruptcy, citing ongoing litigation and declining demand for genetic testing as contributing factors.
Fox13News
2026-07-08
Court approves $46.75 million settlement
A bankruptcy judge ruled that 23andMe must pay the settlement to victims of the 2023 data breach.
BBC
2026-07-08
California AG sues 23andMe
California Attorney General Rob Bonta files a lawsuit against 23andMe for allegedly downplaying the breach's severity.
BBC

Community

Browse all →