Skip to main content
    23andMe Settles for $18 Million After DNA Testing Data Breach
    Action Needed
    2 min read

    23andMe Settles for $18 Million After DNA Testing Data Breach

    The DNA testing company will pay states $18 million after cybersecurity failures led to a breach. If you used 23andMe, take action to protect your account.

    Source

    The Record by Recorded Future

    Original headline: 23andMe reaches $18 million settlement with states for massive breach

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Wednesday, July 15, 2026Updated Thursday, July 16, 20262 min read
    Share:

    23andMe reached an $18 million settlement with 42 state attorneys general following a massive data breach. The settlement addresses cybersecurity failings at the DNA testing company that allowed hackers to access customer information. The breach exposed sensitive genetic and personal data belonging to people who used the service to learn about their ancestry and health. This affects anyone who has ever created a 23andMe account. If you or family members used 23andMe for DNA testing, your genetic information, family connections, and personal details may have been exposed in this breach. Unlike a credit card number that you can change, your DNA information is permanent and cannot be replaced. This makes the breach particularly serious for long-term privacy concerns.

    If you have a 23andMe account, act now to protect yourself:

    1. Change your 23andMe password immediately to something strong and unique that you do not use anywhere else.
    2. Enable two-factor authentication on your account if you have not already.
    3. Review your account settings and limit what information is shared publicly.
    4. Be alert for scam emails or calls from people claiming to be relatives or having information about your health.
    5. Consider placing a fraud alert on your credit reports, as personal information was exposed. Going forward, think carefully before sharing your DNA with any company. Once your genetic information is in a database, you cannot take it back. If you do use these services, always use the strongest security settings available. Never reuse passwords across different websites. Consider whether the benefits of DNA testing outweigh the privacy risks for your family. Genetic information is among the most personal data you have, so treat it with extra caution.

    Protect Yourself

    Use our Breach Monitor to check if you're affected and take action.

    Found this useful?

    Share it with someone who could use a heads-up.

    Share:

    Curated from trusted cybersecurity sources by GetCyberRight

    Source: The Record by Recorded Future

    Discussion

    0

    Sign in to join the discussion.

    Stay ahead of cyber threats

    Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.