23andMe reaches $18 million settlement with states for massive breach
A coalition of 42 state attorneys general has reached an $18 million settlement with genetic testing company 23andMe over cybersecurity failures that resulted in a large-scale data breach. The settlement resolves multistate legal action stemming from the company's failure to adequately protect user data.
Why this matters: Genetic data is not like a leaked password. You can reset a password. You cannot reset your DNA. When 23andMe failed to protect user data, it exposed some of the most personal information people can share — ancestry, health predispositions, family connections. Forty-two states had to band together to extract $18 million from a company that asked people to trust it with their biology. That number should feel small given what was at stake. If you handed over your genetic data, this settlement does not get it back.
Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance
This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.