The 23andMe data breach settlement deadline looms as affected users must act before July 14, 2025, to claim their share of a $30 million settlement.
Key Takeaways
- 23andMe filed for Chapter 11 bankruptcy, impacting a $30 million settlement.
- Affected users must file claims by July 14, 2025, to receive compensation for losses.
- The breach compromised sensitive data of approximately 7 million users.
- Congress and global regulators are scrutinizing privacy and security concerns.
Understanding the Breach and Settlement
23andMe suffered a major credential-stuffing data breach, impacting millions of users’ sensitive information, including DNA-related data. In the aftermath of the breach, a class action lawsuit resulted in a $30 million settlement meant to compensate affected individuals. The payouts differ, with totals ranging from $4.35 to $10,000 based on breach severity. Those seeking compensation must submit a Cyber Security Incident Claim by the deadline of July 14, 2025, to be eligible for reimbursement.
The breach’s exposure was not immediate, spanning from April to September 2023 before 23andMe detected the unauthorized access. The breach affected the DNA Relatives feature, subsequently leading to hackers attempting to sell one million customers’ data on the dark web. Congress has expressed concern regarding the privacy implications, prompting investigations by UK and Canadian authorities.
“We have executed a settlement agreement for an aggregate cash payment of $30 million to settle all U.S. claims regarding the 2023 credential stuffing security incident."https://t.co/oSpb0fHaVk
— KHON2 News (@KHONnews) September 24, 2024
23andMe’s Financial Struggles
23andMe’s financial difficulties are illustrated by its Chapter 11 bankruptcy filing not long after acquiring Lemonaid Health and LPRXOne. The genetic testing behemoth planned a financial restructuring while continuing operations. The bankruptcy has placed a temporary hold on the settlement distribution, but eligible users are advised to preserve their compensation rights by filing claims promptly.
Several executive departures, declining sales, and investments in digital health and telemedicine compounded the financial setbacks that led 23andMe to seek bankruptcy protection. Filings occurred in the Eastern District of Missouri on March 23, reflecting the company’s struggle amid the crisis.
So, 23andMe is settling a lawsuit for $30 million after a data breach last year that compromised the personal information of 6.4 million users. Hackers exploited 23andMe's "DNA relatives" feature, and then tried to sell the stolen data online. Some users, especially those who… pic.twitter.com/ax7Adjdobc
— Ernesto (@jeminjuey) September 14, 2024
Taking Action: Preserving Privacy and Rights
Amid privacy concerns and the ongoing bankruptcy, California Attorney General Rob Bonta advised users to “delete your data and destroy any samples of genetic material held by the company.” Affected users can remove their account and genetic data via their 23andMe account settings. Those in Alaska, California, Illinois, and Oregon may receive about $100 due to state privacy laws, in addition to potential compensation from the settlement.
Identity protection is included, offering three years of monitoring through Privacy & Medical Shield + Genetic Monitoring for those impacted. Eligible users must not procrastinate and submit a formal proof of claim to secure their share of the settlement. Failure to act by July 14, 2025, could result in forfeiting one’s compensation rights amidst the bankruptcy.
Sources:
- 23andMe customers notified of bankruptcy and potential claims — deadline to file is July 14 | TechCrunch
- 23andMe Deadline—You Have Until July 14 To File A Claim
- 23andMe Data Breach Compensation – Submit a Claim
- You Can Now Claim a Payout From the 23andMe Data Breach | Lifehacker
