Financial Compensation Available for 23andMe Data Breach Victims

Individuals impacted by the 23andMe data breach may be entitled to financial compensation from a $30 million settlement. The company disclosed the breach in October 2023, indicating that unauthorized actors accessed user accounts through a “credential stuffing” attack. This technique involves using stolen login credentials from unrelated websites, highlighting the vulnerability associated with using the same passwords across multiple platforms.

Although 23andMe’s core systems were not directly compromised, sensitive information such as names, birth years, ancestry data, and details shared via the “DNA Relatives” feature were exposed. Affected customers are now eligible for compensation, and payouts may reach as much as $10,000 for certain claims.

The settlement outlines three main compensation categories, which may differ depending on the number of claims and the total settlement amount. For those keen on filing a claim, the process will be facilitated through an online portal, with the option to submit via mail for those who prefer a physical submission.

Customers filing extraordinary claims, which could include costs for identity protection or financial losses, are advised to attach supporting evidence, such as relevant receipts or records. These claims must be sent to the following address: P.O. Box 301172, Los Angeles, CA 90030-1172.

Furthermore, individuals affected by the breach will gain access to three years of security monitoring services. These services will focus on identity theft prevention and addressing additional security risks that may arise due to the data exposure.

The deadline for claim submissions will be announced following the court’s final approval of the settlement. Victims of the breach now have the occasion to seek restitution for the unauthorized use of their personal data.