Skip to main content
    23andMe Pays $18 Million After Genetic Data Security Failure
    AI
    2 min read

    23andMe Pays $18 Million After Genetic Data Security Failure

    The DNA testing company failed to protect customer genetic information. If you used 23andMe, check your account and take steps to secure your data.

    Source

    DataBreaches.net

    Original headline: NY Attorney General James Secures $18 Million From 23andMe for Failing to Protect Customers’ Genetic Data

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Saturday, July 18, 2026Updated Sunday, July 19, 20262 min read
    Share:

    23andMe, the popular DNA testing company, will pay $18 million to settle a case brought by the New York Attorney General and 42 other state attorneys general. The company failed to properly protect customers' genetic data and personal information. This settlement addresses the company's security failures that put sensitive genetic information at risk. If you or anyone in your family has ever used 23andMe to learn about ancestry or health information, your genetic data and account information may have been affected. This includes your DNA results, family connections, health reports, and the email and password you used to create your account. Genetic information is especially sensitive because it is permanent and can reveal information about your relatives, not just yourself.

    Here is what you should do right now:

    1. If you have a 23andMe account, log in and change your password immediately. Use a strong, unique password you do not use anywhere else.
    2. Enable two factor authentication on your 23andMe account if you have not already.
    3. Review your account settings and limit what information is shared publicly or with relatives.
    4. Monitor your email for any suspicious messages claiming to be from 23andMe. Do not click links in emails. Instead, go directly to the website by typing the address yourself.
    5. Consider whether you still need your 23andMe account. If not, you can request that your data be deleted. Before using any DNA testing service in the future, understand that genetic information is permanent and cannot be changed like a password. Once shared, it creates lasting privacy risks. If you choose to use these services, always enable the strongest security settings available and limit what you share beyond the basic DNA analysis you want.

    Protect Yourself

    Use our GCR Data Shield to check if you're affected and take action.

    Found this useful?

    Share it with someone who could use a heads-up.

    Share:

    Curated from trusted cybersecurity sources by GetCyberRight

    Source: DataBreaches.net

    Discussion

    0

    Sign in to join the discussion.

    Stay ahead of cyber threats

    Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.