Settlement stems from 2023 hack that exposed 6.9 million genetic profiles
A California bankruptcy judge on Tuesday ordered Chrome Holding, the successor company now operating 23andMe, to pay $46.75 million to compensate victims of a 2023 data breach that exposed the genetic profiles of millions of users. The ruling requires Chrome Holding to make the initial payment to Kroll Restructuring, the firm representing victims, within five business days.
The payout stems from a hack in 2023 in which attackers accessed roughly 14,000 user accounts directly but exploited the company’s family-tree features to view profiles of relatives, reaching as many as 6.9 million people. The compromised data included sensitive health and ancestry information compiled through 23andMe’s DNA testing kits.
Chrome Holding, which operates under the name TTAM Research Institute, is controlled by 23andMe co-founder Anne Wojcicki. Wojcicki won control of 23andMe’s assets in a bankruptcy auction last year with a bid of $305 million. The company had filed for bankruptcy in early 2025, about 18 months after the breach was disclosed.
The breach drew scrutiny from regulators on both sides of the Atlantic. The UK Information Commissioner’s Office fined 23andMe £2.31 million, saying the company had failed to put adequate measures in place to secure sensitive user data prior to the incident. In May, California Attorney General Rob Bonta sued the company, alleging it “failed to take basic steps to protect users’ data” and “lied to consumers about the severity of its 2023 data breach,” according to the BBC.
23andMe was once valued at $6 billion. Founded in 2006, it went public in 2021 but never turned a profit. The company has continued to offer DNA testing kits online since its bankruptcy filing.
The ruling did not specify how many victims will receive payouts. The BBC has reached out to the legal team representing the victims for clarification. Representatives of Chrome Holding and 23andMe have been contacted for comment.