Key facts
- Victims of the 2023 23andMe data hack will receive $46.75 million in compensation.
- A California bankruptcy court judge approved the settlement.
- Chrome Holding, which acquired 23andMe's assets, is ordered to pay the settlement.
- The funds will be distributed to victims through Kroll Restructuring.
- The breach exposed sensitive genetic data of millions of users and their relatives.
Victims of a 2023 data hack at genetics testing company 23andMe are set to receive a multi-million dollar payout following a ruling by a California bankruptcy court judge. Chrome Holding, which acquired 23andMe's assets after its bankruptcy, has been ordered to pay $46.75 million in compensation.
The ruling mandates that the settlement funds be paid to Kroll Restructuring, acting on behalf of the victims, within five business days. Kroll will then be responsible for distributing the compensation to the affected individuals.
23andMe, known for compiling genetic profiles through DNA testing kits, faced significant criticism after the 2023 hack. While hackers directly accessed around 14,000 user accounts, the breach exposed sensitive genetic information, including health and family history markers, of up to 6.9 million people and their relatives.
The company filed for bankruptcy approximately 18 months after the breach. The incident led to regulatory scrutiny and fines, including a £2.31 million penalty from the UK's Information Commissioner's Office for failing to implement adequate security measures. California's Attorney General, Rob Bonta, also sued 23andMe, alleging the company failed to protect user data and misled consumers about the breach's severity.
Chrome Holding operates under the name TTAM Research Institute and is run by 23andMe's co-founder, Anne Wojcicki. She secured the company's assets through a $305 million bid in a bankruptcy auction last year. Despite the bankruptcy and data breach issues, 23andMe has continued its operations, selling DNA testing kits online.