---
title: "A Judge Approves a $47 Million Payout for 23andMe Data Breach Victims"
description: "A US bankruptcy judge has approved a roughly $47 million settlement for customers whose data was exposed in the 2023 breach of the DNA-testing company 23andMe, which hit nearly 7 million people. The payout closes one chapter of a saga that also saw the company go bankrupt and its genetic database sold to a nonprofit led by its co-founder."
category: "Companies"
category_url: https://boursel.com/category/companies
author: "Kenji Nakamura"
published: 2026-07-08T01:37:22.000Z
updated: 2026-07-08T01:37:22.000Z
canonical: https://boursel.com/article/a-judge-approves-a-47-million-payout-for-23andme-data-breach-victims
tags: ["23andme", "data-breach", "genetic-privacy", "bankruptcy", "settlement"]
---
# A Judge Approves a $47 Million Payout for 23andMe Data Breach Victims

A US bankruptcy judge has approved a roughly $47 million settlement for customers whose data was exposed in the 2023 breach of the DNA-testing company 23andMe, which hit nearly 7 million people. The payout closes one chapter of a saga that also saw the company go bankrupt and its genetic database sold to a nonprofit led by its co-founder.

The long unraveling of 23andMe, from Silicon Valley darling to bankrupt cautionary tale, has reached a settlement for the customers caught in the middle. A US bankruptcy judge has approved a fund of about $47 million to compensate people whose personal information was exposed in the company's 2023 data breach, [the BBC reported](https://www.bbc.co.uk/news/articles/cn0vnx2192vo).

## What was approved

The settlement, worth roughly $46.7 million, was signed off as part of 23andMe's bankruptcy proceedings, [Bloomberg Law reported](https://news.bloomberglaw.com/bankruptcy-law/23andme-data-breach-claimants-to-receive-47-million-under-deal). Not all of it reaches victims directly; a portion goes to the administrator that processes claims, leaving the balance to be paid out to eligible customers. Payments are tiered by harm: modest sums, on the order of $100, for customers in certain states with genetic-privacy laws; somewhat more for those whose health-related data was exposed; and up to $10,000 for the small number who can document extraordinary, provable losses tied to the breach.

## The 2023 breach

The breach that prompted all this was not a dramatic hack of 23andMe's core systems but something more mundane and, in a way, more troubling. Attackers used a technique called "credential stuffing", trying username-and-password combinations leaked from other websites, on the bet that many people reuse the same login. Enough did. From a few thousand directly compromised accounts, the attackers were able to reach a feature that connects users to genetic relatives and scrape data on far more people.

In total, information belonging to about 6.9 million people was affected, [as widely documented](https://news.bloomberglaw.com/bankruptcy-law/23andme-data-breach-claimants-to-receive-47-million-under-deal). The exposed data included ancestry and genetic-relative information. What makes genetic data uniquely sensitive is that, unlike a password or a card number, you cannot change it: your DNA is permanent, and it is shared, in part, with your relatives.

## Bankruptcy, and who owns the DNA now

The breach was one blow among many. Years of losses, a collapsed share price and the failure to build a profitable business on top of one-time testing kits pushed 23andMe into Chapter 11 bankruptcy in 2025. Its most valuable asset was precisely the thing customers were most anxious about: a database of millions of people's genetic information.

That database changed hands as part of the bankruptcy. A nonprofit research institute led by 23andMe's co-founder, Anne Wojcicki, acquired the company's assets for around $305 million, [CNBC reported](https://www.cnbc.com/2025/06/13/anne-wojcicki-to-buy-back-23andme-and-its-data-for-305m.html), pledging to honor customers' rights to delete their data and opt out of research. Even so, several US state attorneys general objected to genetic records being transferred in a bankruptcy sale, arguing customers never consented to that.

## Why it matters

The episode is a landmark in a question the digital economy has not resolved: what happens to your most intimate data when the company holding it fails. Ordinary breaches expose information that can, eventually, be changed or reissued. A genetic breach exposes something permanent, and implicates relatives who never signed up. The $47 million settlement puts a number on that harm, but a modest one relative to the sensitivity of the data and 23andMe's one-time multibillion-dollar valuation. For regulators and consumers alike, the lasting lesson is about the fragility of data custodians, and the need to think about where sensitive information ends up if the business collecting it does not survive.

## Sources

- [Victims of 23andMe data breach to get $47m payout, judge rules](https://www.bbc.co.uk/news/articles/cn0vnx2192vo)
- [23andMe data breach claimants to receive $47 million under deal](https://news.bloomberglaw.com/bankruptcy-law/23andme-data-breach-claimants-to-receive-47-million-under-deal)
- [Anne Wojcicki to buy back 23andMe and its data for $305 million](https://www.cnbc.com/2025/06/13/anne-wojcicki-to-buy-back-23andme-and-its-data-for-305m.html)

