If you were affected by 23andMe’s data breach—which involved the information of approximately 6.4 million U.S. residents—you have just a few more days to claim your compensation. Following the 2023 credential-stuffing attack, 23AndMe in 2024 agreed to a $30–$50 million payout for impacted consumers. The genetic testing company then filed for Chapter 11 bankruptcy in 2025 (introducing new privacy concerns around the potential sale of customer data). The courts approved the deal last month, and class members have until Feb. 17 to submit claims related to the cyber incident.
How much you’ll receive from the 23andMe settlement
There are several tiers of payouts with the 23andMe settlement. Users with an “extraordinary claim”—those who experienced identity theft or fraudulent tax filings as a result of the breach—could qualify for up to $10,000 to reimburse verified expenses, including costs for physical or cyber security systems as well as mental health treatment.
Claimants who received notices that certain health information was leaked in the breach will be paid up to $165. Eligible data include raw genotype data, health reports (including health predisposition reports, wellness reports, and carrier status reports), and self-reported health conditions. Individuals residing in Alaska, California, Illinois, and Oregon will receive an additional $100 thanks to state privacy laws. Note that payments will likely take time to be distributed.
The settlement also provides for five years of identity monitoring services through a customized program called Privacy & Medical Shield + Genetic Monitoring. This is available to all class members regardless of payout.
What do you think so far?