23andMe’s $30M Settlement Paying Out Up To $10K To Customers Impacted By Data Breach

The data breach occurred in 2023, affecting nearly 7 million of the San Francisco-based company's customers.

A recent data breach at 23andM impacted many of its customers. If eligible, the $30 million settlement may pay victims sizable compensation.

According to Forbes, the settlement has a maximum payout of $10,000, depending on the data breach’s effect on victims. Eligible customers can file between three main types of claims, ranging from extraordinary cases to just statutory cash.

For California, Illinois, Oregon, and Alaska residents, victims in these states can receive a general compensation amount if they receive a notification of the breach. However, the payout will be significantly less than the max, with the check likely around $100.

Those filing health information claims can expect the same compensation. However, they can only acquire this money if their sensitive data is compromised. As for extraordinary claims, they remain reserved for customers who dealt with identity theft or had to pay for security services in light of those issues.

While they may be able to get $10,000 for their troubles, documentation remains crucial to obtaining the checks. Moreover, beyond the wide compensation range, 23andMe will offer all impacted customers three years of security monitoring services.

The data breach occurred in 2023, affecting nearly 7 million of the San Francisco-based company’s customers. Hackers compromised the birth years, ancestry reports, and raw genotypes of those impacted. While 23andMe announced the breach in October, it did not share the full extent of the issue until the following month. It also noted that the leak started months earlier, in April.

Many customers felt that 23andMe failed to fully protect them from such exposure, leading to a lawsuit in early 2024. CNET reported the lawsuit also accused the genetic testing company of not notifying Chinese and Ashkenazi Jewish customers that they were targeted specifically. Their information allegedly spread on the dark web.

While the settlement still requires approval, 23andMe intends to provide monetary compensation to its customers for their losses.

“We have executed a settlement agreement for an aggregate cash payment of $30 million to settle all US claims regarding the 2023 credential stuffing security incident,” a 23andMe spokesman told the news outlet. “We continue to believe this settlement is in the best interest of 23andMe customers, and we look forward to finalizing the agreement.”