VYPR
breach · Published Jun 12, 2026 · 1 source

Bankruptcy Administrator Approves $47 Million Settlement Fund for 23andMe Data Breach Victims

A Missouri bankruptcy court administrator has approved a $46.8 million settlement fund for approximately 7 million 23andMe customers whose genetic and personal data was stolen in a 2023 breach.

A Missouri bankruptcy court administrator on Wednesday approved a $46.8 million settlement fund for approximately 7 million 23andMe customers whose genetic and personal data was stolen in a breach that began in April 2023. The settlement, signed off by the plan administrator, provides compensation for affected individuals after attackers used credential-stuffing techniques to exploit reused passwords, accessing DNA Relatives profiles for about 5.5 million customers and Family Tree data for another 14.1 million users. Stolen information was later posted on dark web forums, sparking a class-action lawsuit that sought $48 billion in damages.

The approved fund allocates $32.5 million directly to victims, while over $14 million will cover administrative costs for Kroll, the settlement and claims administrator. The plan administrator determined the reduced amount was appropriate given 23andMe's dire financial condition, noting that a $30 million prepetition settlement had been deemed "reasonable" by the district court. Litigating the larger sum would have "exposed the estates to protracted, high-stakes litigation lasting months, if not years," according to court documents.

Nearly 256,000 claims have been resolved so far, with individual awards ranging from $50 for minor harms up to $10,000 for the most serious cases, depending on the severity of damages suffered. The breach, disclosed by the company in October 2023, stemmed from credential-stuffing attacks that targeted accounts with reused passwords, allowing hackers to access a wealth of sensitive genetic and family relationship data.

23andMe, once a pioneering direct-to-consumer genetics testing company, had been struggling financially even before the breach. By March 2025, the company — now named Chrome Holding Co. — filed for bankruptcy and liquidated most of its assets. Founder Anne Wojcicki subsequently bought back the beleaguered firm amid controversy, though the settlement marks a key step in providing redress to affected customers.

The case highlights growing scrutiny around the security of genetic data, which carries unique privacy risks due to its irreplaceability and implications for family members. Legal experts note that the relatively low per-victim payouts — even in a $47 million fund — reflect the challenge of valuing genetic privacy harms in bankruptcy proceedings, where creditor claims often face steep discounts.

Synthesized by Vypr AI