Particle.news
Download on the App Store

42 States Secure $18 Million From 23andMe Over 2023 DNA Breach

It imposes enforceable data-security rules with consumer deletion rights to curb risks from permanent genetic records.

Overview

  • A bipartisan coalition of 42 state attorneys general announced a settlement on Tuesday that requires 23andMe to pay $18 million to resolve state-law claims tied to the October 2023 breach.
  • The settlement includes state-by-state allocations such as about $705,000 for New York, roughly $491,902 for Pennsylvania, and about $410,000 for New Jersey with other states receiving set shares based on impacted users.
  • The multistate deal is separate from a $46.75 million class-action pool tied to 23andMe’s bankruptcy that remains under court administration for distribution to claimants.
  • As part of the enforcement, attorneys general won specific security and consumer protections including mandated risk analyses, required multifactor authentication and monitoring, an advisory board to oversee safeguards, and a retained right for consumers to delete their genetic data.
  • The settlement follows findings that a hacker directly accessed about 14,000 accounts while 23andMe’s networked features exposed profile and genetic-linked information for millions and it reflects wider concern about the immutability and identifiability of genetic data after the company’s 2025 bankruptcy and sale of data to TTAM Research Institute.