Victims of 23andMe's Data Breach Could Get $10,000. Here's What You Need to Know
The lawsuit accusing the company of not doing enough to protect its customers was filed in January 2024. The suit also accused 23andMe of not notifying certain customers with Chinese or Ashkenazi Jewish ancestry that their data was targeted specifically and spread on the dark web.
As part of the proposed settlement, which still requires preliminary court approval, the company will provide as much as $10,000 to qualifying customers, depending on the hardships they incurred, as well as various security services.
"We have executed a settlement agreement for an aggregate cash payment of $30 million to settle all US claims regarding the 2023 credential stuffing security incident," a 23andMe spokesman told CNET. "We continue to believe this settlement is in the best interest of 23andMe customers, and we look forward to finalizing the agreement."
Here's what we know about the terms of 23andMe data settlement, and what standards you'll need to meet to get some money from it. For more on recent settlements, read about how you might be able to claim money from CashApp and who is eligible for a real estate agent fee settlement .
How many people were impacted by the 23andMe data breach?
The settlement could cover roughly 6.9 million 23andMe customers whose data was targeted in the leak. To qualify for the proposed settlement, 23andMe users must also have been a US resident on Aug. 11, 2023.
That 6.9 million number includes around 5.5 million users of 23andMe's DNA Relatives profiles, which lets users find and connect with genetic relatives. The other 1.4 million people affected by the breach used another service known as Family Tree, which predicts a family tree based on the DNA users share with relatives, 23andMe said.
How much money could you get as part of the 23andMe settlement?
At the top end, 23andMe has said that it will pay out up to $10,000 with an "Extraordinary Claim" to users who can verify that they suffered hardships as a direct result of their information being stolen in the data breach that resulted in unreimbursed costs. This includes costs resulting from "identity fraud or falsified tax returns," from acquiring physical security systems, or from receiving mental health treatment.
Residents of Alaska, California, Illinois and Oregon who were impacted by the breach can also apply for a payment as part of the proposed settlement, since those states have genetic privacy laws with damages provisions. The payments for these individuals are expected to be around $100, depending on how many people file for them, a settlement document said.
Also, a smaller subset of affected users whose personal health information was impacted by the breach will be able to apply for a payment of $100.
Infographic credit: Gianmarco Chumbe/CNET; Background image: Jason Doiy/
Will the settlement include anything else?
Beyond those payments, 23andMe will also offer impacted users three years of a security monitoring service called Privacy Shield, which filings described as providing "substantial web and dark web monitoring."
Can you apply for settlement yet?
As of now, there's no way to apply for a payment as part of this proposed settlement. CNET will provide updates on this aspect of the story as they become available.