In Re: 23andMe, Inc. Customer Data Security Breach Litigation

If you type something into the computer you should assume everyone in the world will eventually be able to see it.

If you send your DNA to a company in the mail you should assume everyone in the world will eventually be able to see it.

I've had 23andme since ~2012. Haven't received a single email from/about 23andmedatasettlement.com

Related:

DNA testing firm 23andMe fined £2.3m by UK regulator for 2023 data hack - https://news.ycombinator.com/item?id=44300220 - June 2025 (1 comment)

23andMe tells victims it's their fault that their data was breached - https://news.ycombinator.com/item?id=38856412 - January 2024 (368 comments)

Can I file a claim if I'm related to folks who shared their (and by extension, my) DNA with this company?

What if you're Canadian?

When this blew up, the breach had been ongoing for months and 23andme had no clue. The company immediately blamed customers for sharing passwords, and strenuously avoided any mention of admitting it was in fact a hack.

https://techcrunch.com/2023/10/10/23andme-resets-user-passwo...

The 23andme hack was yet another failure in a long list under the CEO: Failed execution on the drug development strategy, lying about growth, pushing out the cofounder, never making a profit, FDA warning letters, ditching its genealogy tools, screwing over investors, screwing over the board, and so on.

The company she bankrupted was about to be sold to Regeneron - probably the best option for everyone - when her "nonprofit" swooped in with a high bid.

https://www.medtechdive.com/news/anne-wojcicki-buy-23andme-b...

2 measly SQL injections and down goes 23andMe.

Give each victim 100 shares of company stock. You lose your company to the people that you hurt. Seems fair.

> Up to $10,000 for Extraordinary Claims; > Up to $165 for Health Information Claims; > An estimated $100 for Statutory Cash Claims; and > 5 years of Privacy & Medical Shield + Genetic Monitoring

None of these make the victims whole. The typical customer would rather pay $1000 to not have their private medical records stolen. Giving them just $165 or a few years of monitoring is insulting. What does that monitoring even achieve?