Skip to main content
Premium Trial:

Request an Annual Quote

23andMe to Pay $30M in Data Breach Lawsuit Settlement

This article was edited to include a comment from 23andMe.

NEW YORK – 23andMe will pay $30 million to settle a class action lawsuit over a data breach that occurred last year, the company said in a court document filed last week. It will also provide affected customers with three years of access to a security monitoring program.

The lawsuit was filed in January and claimed that the South San Francisco, California-based company had failed to protect consumers' privacy and to properly notify customers of Chinese and Ashkenazi Jewish heritage that their information may have been singled out by hackers selling it on the dark web.

"We have executed a settlement agreement for an aggregate cash payment of $30 million to settle all US claims regarding the 2023 credential stuffing security incident," a company spokesperson said via email. "We continue to believe this settlement is in the best interest of 23andMe customers, and we look forward to finalizing the agreement."

The company expects that roughly $25 million of the settlement and related legal expenses will be covered by cyber insurance coverage. 

Earlier this year, 23andMe CEO Anne Wojcicki proposed taking the company private by acquiring all its outstanding shares at $.40 per share. A special committee rejected that proposal last month.

The settlement adds to the company's recent financial struggles. Last month, the firm posted a year-over-year revenue decline of 34 percent for the first quarter of its fiscal year.