~50M Payout Approved After 23andMe Breach Impacted ~7M People
Victims of the 2023 23andMe data breach are set to receive a $46.75 million payout after a California bankruptcy court approved compensation tied to the massive genetics-data incident. The breach began with roughly 14,000 directly accessed user accounts, but because 23andMe’s platform allowed users to view genetic relatives and shared profile data, attackers ultimately accessed information tied to as many as 6.9 million people. The settlement will be paid by Chrome Holding, which took control of 23andMe’s assets after bankruptcy, and distributed through Kroll Restructuring to affected victims.
The breach remains one of the most sensitive consumer data incidents in recent years because it involved genetic profiles, ancestry data, health-related markers, family relationships, and other highly personal information. Regulators said 23andMe failed to implement adequate safeguards, with the UK Information Commissioner’s Office issuing a £2.31 million fine, while California’s attorney general later sued the company over alleged failures to protect users and disclose the severity of the incident. For a company built on trust in DNA testing, the damage went beyond a single hack: customers had to confront the reality that genetic and family-history data, once exposed, cannot simply be reset like a password.
The key lesson is that identity security alone is not enough when one compromised account can expose an entire network of connected profiles. Companies handling sensitive consumer, healthcare, or genetic data need unified visibility in a platform like NIKSUN that traces access from login behavior and credential misuse to application permissions, API activity, profile lookups, database queries, file exports, and outbound network traffic. With AI root-cause analysis, immutable audit trails, automated containment, and privacy compliance monitoring, organizations can prove what was accessed, limit blast radius, and protect the kind of personal data that cannot be changed after a breach. Read more about this story on our LinkedIn page
We use cookies to offer you a better browsing experience and to analyze site traffic. By using our site, you consent to our use of cookies.
Essential Cookies
Site Analytics
Essential Cookies
These cookies are necessary for certain areas of the site to function. They are used for access to secure areas of the website and to help us comply with legal requirements like GDPR.
Site Analytics
These cookies are used to collect information about how users use our site. We use these to improve how our website works.