A looming deadline is fast approaching for millions whose deeply personal genetic information was exposed in a massive data breach. If you were a 23andMe customer between May and October of 2023, you may be entitled to compensation from a settlement stemming from the 2023 cyberattack that compromised the data of roughly 6.4 million people.
The breach, a result of a “credential-stuffing” attack, triggered a cascade of concerns about identity theft and the misuse of sensitive genetic data. 23andMe ultimately agreed to a payout ranging from $30 to $50 million, a deal recently approved by the courts, but time is of the essence to file a claim.
The amount of compensation varies significantly depending on the nature of the harm experienced. Those who suffered direct financial losses – like identity theft or fraudulent tax filings – could receive up to $10,000 to cover expenses related to recovery, including bolstering cybersecurity and even mental health support.
Even if you didn’t experience direct financial loss, you may still be eligible for a payment. Individuals who received notification that their health information was specifically compromised in the breach can claim up to $165. This includes raw genetic data, health predisposition reports, and details about self-reported medical conditions.
Residents of Alaska, California, Illinois, and Oregon may receive an additional $100 due to stricter state privacy laws. However, it’s important to understand that the distribution of these funds will likely take time, as processing a large volume of claims is a complex undertaking.
Beyond monetary compensation, the settlement provides a crucial layer of protection: five years of identity monitoring services. This comprehensive program, called Privacy & Medical Shield + Genetic Monitoring, is available to all class members, regardless of whether they receive a direct financial payout.
To file a claim, you must have received a notification – either by mail or email – informing you that your information was compromised. You’ll also need to attest to experiencing some form of damage, whether financial or otherwise, as a result of the breach.
The absolute deadline for submitting a claim is February 17, 2026, unless you received a separate notice with a different date. Claims can be filed online, or a hard copy can be mailed, but it must be postmarked by the deadline. Be prepared to provide personal information and supporting documentation to substantiate any losses claimed.
This settlement represents a critical step towards accountability for the breach and offers a measure of relief to those whose most private information was put at risk. Don't delay – the window to claim your compensation is rapidly closing.