23andMe data breach settlement overview:
- Who: Personal genomics company 23andMe agreed to a $30 million settlement that would benefit a class of more than 6 million 23andMe customers.
- Why: The settlement would end a multidistrict litigation revolving around a 2023 data breach in which 23andMe customers claim the company failed to protect their sensitive information.
- Where: The 23andMe data breach case is in California federal court.
Personal genomics and biotechnology company 23andMe agreed to pay $30 million to end a multidistrict litigation revolving around a 2023 data breach.
The settlement benefits the more than 6 million 23andMe customers whose personal information was stolen during a data breach — and, in some cases, posted on the dark web — that was disclosed by the company in October 2023.
In a motion for preliminary approval filed earlier this month, 23andMe customers representatives called the settlement agreement an “outstanding result” that “maximizes the relief available from a Defendant in an uncertain financial situation.”
“The benefits provided by the Settlement Fund are carefully tailored to redress the harms faced by the victims of the 23andMe Security Incident announced in October 2023,” the motion says.
23andMe settlement to provide up to $10K for losses incurred as direct result of data breach
The 23andMe data breach exposed personal information and limited health, genetic and ethnic information, according to the motion for preliminary approval.
The settlement, meanwhile, will provide compensation in the form of monetary reimbursement of up to $10,000 for losses incurred as a direct result of the data breach and cash payments for individuals whose health information was exposed.
The agreement also provides cash payments for residents of Alaska, California, Oregon and Illinois — which have genetic privacy laws that provide for statutory damages — in addition to three years of “state of the art” privacy services through Privacy Shield.
More than 40 class action lawsuits were filed against 23andMe in the wake of the data breach, with consumers broadly claiming the company failed to protect the sensitive information of its customers.
The complaints were centralized into a multidistrict litigation in California federal court in April, reports Law360.
Were you affected by the 23andMe data breach? Let us know in the comments.
The plaintiffs are represented by Gayle M. Blatt of Casey Gerry Shenk Francavilla Blatt & Penfield LLP, Cari Campen Laufenberg of Keller Rohrback LLP, and Norman E. Siegel of Stueve Siegel Hanson LLP
The 23andMe data breach settlement is In re: 23andMe Inc. Customer Data Security Breach Litigation, Case No. 3:24-md-03098, in the U.S. District Court for the Northern District of California.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
Washington residents: Did you receive a ‘refer a friend’ text for Capital One, Venmo, Tesla, Coinbase, or another company?
September 23, 2025 | Legal News
94 thoughts on$30M 23andMe settlement resolves data breach multidistrict litigation
I live in Illinois, how do I file for the addition claim? I received nothing regarding this from 23andMe but still have reason to believe that I was affected.
I forgot to include that I lived in Illinois until February 2025, so I may have more rights.
I got my genome sequenced by 23andme at least ten years ago, and I followed many of the health issues based on genetic defects – that is, until they began to charge for such a privilege. I have some serious genetic defects that have rendered me in my adult life to be completely disabled. If there are settlements being handed out, please include me.
Are you all aware of the specific threat targeting Ashkenazi Jews and Chinese heritages? This data breach goes much deeper and is more serious than just our identity being stolen. For all who have the two lineages I mentioned, don’t take my word for it; look it up for yourselves. I’m not trying to scare anyone, but when I discovered this info, I was terrified, and I don’t leave my house if I don’t have to. One AG writes, quote; “first breach targeted profiles of Ashkenazi Jews and sold on the black market, second breach targeted Chinese and sold as well, third breach targeted DNA relatives from the sites ‘family tree’ feature and also sold” Given the conflicts in the middle east, this could be a dangerous situation if there is bad intent to attack certain groups of people. Other info states, individuals have been caught and arrested from “sleeper cells” who entered this Country from Iran, etc., during Biden’s open border policy and are supposedly laying low. But for what? Be careful.