23andMe, a DNA testing company, filed for Chapter 11 bankruptcy in March 2025 following a **2023 data breach** that exposed the personal and genetic data of **nearly 7 million customers**. The breach triggered **dozens of lawsuits globally**, leading to settlements totaling up to **$62 million** for affected claimants, including a **$9 million arbitration settlement** for 32,000 customers, a **$30–$50 million US class-action fund**, and a **$3.25 million Canadian class fund**. The company’s financial collapse was accelerated by **declining demand** and the breach’s reputational and legal fallout. Over **157,000 fraudulent claims** were later identified and removed. The breach forced asset liquidation, including a **$300 million sale** of core assets to co-founder Anne Wojcicki and a **$10 million sale** of its telehealth subsidiary, Lemonaid. The incident also sparked **privacy concerns from over 30 US states**, leading to disputes over liability protections in bankruptcy proceedings. The company is now winding down operations under court supervision, with ongoing negotiations for cyber-insurance settlements and creditor agreements.
23andMe cybersecurity rating report: https://www.rankiteo.com/company/23andme
"id": "23A4902149112025",
"linkid": "23andme",
"type": "Breach",
"date": "6/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 'Nearly 7 million',
'industry': ['Biotechnology',
'Genetics',
'Direct-to-Consumer DNA Testing',
'Telehealth (Lemonaid)'],
'location': 'USA',
'name': '23andMe (now Chrome Holding Co.)',
'type': 'Private Company'},
{'industry': 'Healthcare',
'location': 'USA',
'name': 'Lemonaid (subsidiary)',
'type': 'Telehealth Company'}],
'customer_advisories': ['Settlement notifications for arbitration claimants',
'Class-action updates (US and Canada)',
'Fraudulent claim removals (~157,000)'],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': 'Nearly 7 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (genetic and personal data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Genetic Data']},
'date_publicly_disclosed': '2023',
'description': '23andMe (now Chrome Holding Co.) filed for Chapter 11 '
'bankruptcy in March 2025 following a 2023 data breach that '
'exposed the data of nearly 7 million people. The breach '
'triggered dozens of lawsuits and led to a proposed settlement '
'of up to $62 million for arbitration claimants. The company '
'is liquidating assets, including a $10 million sale of its '
'telehealth subsidiary Lemonaid, while navigating legal '
'objections from states and creditors over liability '
'protections and third-party releases. The bankruptcy court '
'preliminarily approved a $9 million settlement for ~32,000 '
'arbitration claims, with additional funds allocated for US '
'and Canadian class-action settlements.',
'impact': {'brand_reputation_impact': 'Severe (bankruptcy, loss of customer '
'trust, legal disputes)',
'customer_complaints': 'Dozens of lawsuits (US and abroad), '
'~32,000 arbitration claims',
'data_compromised': 'Nearly 7 million records',
'financial_loss': {'arbitration_settlement': '$9 million (revised '
'from $6.5 million)',
'asset_sales': '$300 million (to co-founder '
'Anne Wojcicki and related '
'nonprofit)',
'bankruptcy_filing': 'Chapter 11 (March 2025)',
'canadian_class_action_fund': '$3.25 million',
'lemonaid_sale': '$10 million (to Bambumeta '
'Ventures LLC)',
'settlement_costs': '$62 million (total '
'proposed)',
'us_class_action_fund': '$30 million–$50 '
'million'},
'identity_theft_risk': 'High (PII exposed)',
'legal_liabilities': ['Class-action lawsuits (US and Canada)',
'State objections to asset sales and '
'third-party releases',
'Fraudulent claims (~157,000 flagged)',
'Regulatory scrutiny over privacy concerns'],
'operational_impact': 'Company wind-down, asset liquidation, '
'decline in demand'},
'investigation_status': 'Ongoing (settlements pending final approval, '
'cyber-insurance negotiations in progress)',
'post_incident_analysis': {'corrective_actions': ['Asset liquidation to fund '
'settlements',
'Negotiated releases for '
'officers/directors',
'Fraudulent claim '
'mitigation',
'Cyber-insurance claims '
'resolution (pending)'],
'root_causes': ['Data breach (2023) leading to '
'loss of customer trust',
'Decline in demand for services',
'Financial distress culminating in '
'bankruptcy']},
'references': [{'source': 'Bloomberg Law'},
{'source': 'US Bankruptcy Court for the Eastern District of '
'Missouri'},
{'source': 'National Association of Attorneys General'}],
'regulatory_compliance': {'legal_actions': ['Class-action lawsuits (US and '
'Canada)',
'State objections to bankruptcy '
'plan (30+ states and DC)',
'DOJ bankruptcy monitor '
'involvement',
'Fraudulent claim '
'investigations']},
'response': {'communication_strategy': ['Bankruptcy court hearings',
'Negotiations with creditors/states',
'Public disclosures via legal '
'filings'],
'recovery_measures': ['Asset sales ($300M to co-founder, $10M '
'for Lemonaid)',
'Settlement negotiations (arbitration, '
'class actions)',
'Fraudulent claim removal (~157,000)',
'Cyber-insurance settlement (pending)'],
'third_party_assistance': ['Paul, Weiss, Rifkind, Wharton & '
'Garrison LLP (legal)',
'Carmody MacDonald PC (legal)',
'Bankruptcy lenders',
'Plan administrator (for '
'liquidation)']},
'stakeholder_advisories': ['Bankruptcy court hearings (e.g., 11/19/25)',
'Creditor committee briefings',
'State AG objections and negotiations'],
'title': '23andMe Data Breach and Bankruptcy Settlement',
'type': ['Data Breach', 'Bankruptcy', 'Legal Settlement']}