← Back
2,422 views
0 currently online

23andMe Pays $18 Million in Settlement with 42 State Attorneys General After the DNA Secrets of Millions of Americans Were Exposed and Sold for Pennies

The breach, in which Genetic data of nearly 7 million people exposed, is the latest reminder that Silicon Valley interests can't be trusted with your most personal information

gray pillars
Photo by Claire Anderson on Unsplash

On July 14, 2026, 23andMe (now operating as Chrome Holding Co.) reached an $18 million multistate settlement with a coalition of 42 attorneys general over its 2023 data breach.

American families handed over DNA samples to 23andMe expecting ancestry and health insights. Instead, they got a nightmare. Hackers stole sensitive genetic and personal data in a 2023 breach that went undetected for months. Now, years later, the company, operating under new names after bankruptcy, is paying a mere $18 million in a multistate settlement with 42 attorneys general. That's pennies on the dollar for compromising the DNA of millions.

The breach was terrible. Attackers used credential-stuffing to access accounts, grabbing genetic ancestry details, family connections, and more. Some of that stolen data ended up on the dark web, offered for sale and potentially weaponized for identity theft, discrimination, or worse. 23andMe reportedly lacked basic defenses like strong password protections or proper monitoring. They even tried blaming customers at first.

This isn't some small startup slip-up. It's part of a troubling pattern across tech: companies collect vast troves of intimate user data — from DNA to social media habits to browsing history — while skimping on security. Meta faces massive lawsuits over addictive platforms harming kids. Apple battles antitrust claims for gatekeeping. Time and again, Big Tech prioritizes growth and profits over ironclad protection for everyday Americans.

The settlement includes some new "safeguards," like better risk assessments and data deletion rights. Victims in a related class action may see up to $46.75 million total (with much already paid out). But for millions affected, it's cold comfort. Genetic information is permanent — once leaked, it's out there forever.

Conservatives have long warned about unchecked power in Silicon Valley. When firms hoard sensitive data without accountability, it erodes trust and leaves families vulnerable. Stronger oversight, real consequences, and less blind faith in Big Tech's promises are overdue.

Sources / More reading

BleepingComputer: 23andMe to pay $18 million in new genetics data breach settlement (July 16, 2026) - https://www.bleepingcomputer.com/news/security/23andme-to-pay-18-million-in-new-genetics-data-breach-settlement/

Maryland AG: Multistate Settlement Announcement - https://oag.maryland.gov/News/Pages/Attorney-General-Brown-Announces-Multistate-Settlement-of----Bankruptcy-Claims-Against-23andMe-Over-Genetic-Data-Breach-.aspx

Reuters: Judge approves $46.75 million payout - https://www.reuters.com/world/judge-approves-4675-million-payout-23andme-data-breach-victims-2026-07-07/

New York AG: $18 Million Settlement - https://ag.ny.gov/press-release/2026/attorney-general-james-secures-18-million-23andme-failing-protect-customers