23andMe Agrees $18M Settlement and New Security Terms
π A coalition of 42 US attorneys general has secured an $18m settlement with genetic testing firm 23andMe following the 2023 credential-stuffing breach that exposed profile and ancestry data for over six million individuals. The settlement, led by New York Attorney General Letitia James, includes more than $705,000 payable to New York and imposes new data protection requirements on the company and its successor. As 23andMe entered bankruptcy in March 2025, its customer data was transferred to TTAM Research; the agreement mandates risk analysis, an advisory board on data security, and continued consumer deletion rights to safeguard that information.
