Facebook
Britain's News Portal
Around The Clock
BREAKING
Loading latest headlines…

23andMe Data Breach Victims to Receive £35m Payout After 2023 Hack

Victims of the 2023 23andMe data breach are set to receive a multi-million-pound payout following a US court ruling. The genetic testing firm, which suffered a significant hack, will compensate affected individuals.

  • A US bankruptcy court has approved a $46.75 million (£35 million) compensation payout for victims of the 2023 23andMe data breach.
  • Chrome Holding, which acquired 23andMe after its bankruptcy, is responsible for the settlement.
  • The breach, which occurred in 2023, exposed highly personal genetic and family history data for up to 6.9 million people.
  • The UK's Information Commissioner's Office (ICO) previously fined 23andMe £2.31 million for failing to secure sensitive user data.
  • The funds are expected to be distributed to victims by Kroll Restructuring.

Victims of the significant 2023 data breach at genetics testing company 23andMe are now set to receive a substantial multi-million-pound payout. A Californian bankruptcy court judge ruled on Tuesday that Chrome Holding, the entity that took control of 23andMe following its bankruptcy last year, must pay out $46.75 million, equivalent to approximately £35 million, in compensation to those affected.

23andMe, known for compiling genetic profiles through DNA testing kits, faced severe criticism after as many as 6.9 million individuals had their highly personal data compromised in the 2023 cyberattack. The breach, while initially affecting around 14,000 user accounts directly, allowed hackers to access the profiles of those users' relatives, thereby exposing millions of hosted profiles containing sensitive health and family history information.

The ruling stipulates that the settlement funds will first be transferred to Kroll Restructuring, the firm representing the victims, within five business days from Tuesday. Kroll will then be responsible for distributing these funds to the individual victims. The appointment of such companies is standard practice in complex corporate bankruptcy proceedings like this one.

The incident led to widespread investigations and regulatory fines, including a notable £2.31 million penalty from the Information Commissioner's Office (ICO), the UK's data protection watchdog. The ICO concluded that 23andMe had failed to implement adequate measures to safeguard sensitive user data before the breach occurred. Furthermore, the Attorney General of California, Rob Bonta, sued the company in May 2026, alleging that 23andMe not only failed to protect user data but also misrepresented the severity of the 2023 breach to consumers.

Despite these significant challenges, including filing for bankruptcy early last year and ongoing legal battles, 23andMe has continued its operations, offering DNA testing kits online. The company, which commenced operations in 2006 and went public in 2021, was once valued at $6 billion but has yet to report a profit. This payout underscores the increasing financial and reputational risks companies face when failing to protect customer data.

Why this matters: This case highlights the growing importance of data security for UK consumers and businesses, demonstrating the severe financial consequences for companies that fail to protect sensitive personal information.

What this means for you: What this means for you: This payout serves as a stark reminder for UK consumers about the risks associated with sharing personal data online, particularly sensitive genetic information. It also signals that regulatory bodies, like the ICO, are actively pursuing companies that fall short on data protection, offering some reassurance that there are consequences for negligence.

Related Articles

Get the news that matters.

Join thousands of readers getting the best of British news straight to their inbox.