Skip to main content
    23andMe Pays $18 Million for Data Breach That Exposed Genetic Information
    AI
    2 min read

    23andMe Pays $18 Million for Data Breach That Exposed Genetic Information

    The genetic testing company failed to protect customer data and will pay millions in settlement. If you used 23andMe, check what information was exposed.

    Source

    DataBreaches.net

    Original headline: NY Attorney General James Secures $18 Million From 23andMe for Failing to Protect Customers’ Genetic Data

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Saturday, July 18, 2026Updated Sunday, July 19, 20262 min read
    Share:

    New York Attorney General Letitia James and 42 other state attorneys general have secured an $18 million settlement from 23andMe for failing to protect customers' genetic and personal data. The genetic testing company did not adequately safeguard sensitive information, which led to customer data being exposed. This settlement is part of ongoing legal action against the company for its security failures. If you or anyone in your family has ever used 23andMe's genetic testing services, your genetic information and personal data may have been affected. This includes not just your DNA results, but potentially your name, contact information, and other details you provided when signing up for the service.

    Even if you have not used 23andMe recently, your old account data may still have been involved in this breach.

    Stay one step ahead of scammers

    Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.

    Here is what 23andMe customers should do now:

    1. Check if you are eligible for any compensation from this settlement. Visit the official settlement website when it becomes available, or watch for official communications from the attorneys general.
    2. Log into your 23andMe account and review your privacy settings. Consider whether you want to keep your account active or delete it.
    3. If you decide to delete your account, request that 23andMe delete all of your genetic data from their systems. Keep a record of this request.
    4. Monitor your email and other accounts for suspicious activity. Change your 23andMe password if you have used the same password on other websites.
    5. Be alert for phishing emails claiming to be from 23andMe or related to the settlement. Scammers often exploit news like this to trick people. Think carefully before sharing genetic information with any company in the future. Unlike a password or credit card number, you cannot change your DNA if it gets exposed. Before using genetic testing services, research their privacy policies and security track record. Remember that genetic information can reveal details not just about you, but also about your family members who did not consent to testing.

    Protect Yourself

    Use our GCR Data Shield to check if you're affected and take action.

    Found this useful?

    Share it with someone who could use a heads-up.

    Share:

    Curated from trusted cybersecurity sources by GetCyberRight

    Source: DataBreaches.net

    Discussion

    0

    Sign in to join the discussion.

    Stay ahead of cyber threats

    Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.