Multistate settlement resolves claims surrounding a massive cyberattack in 2023 that compromised the highly sensitive genetic data of 6.9 million people around the globe. The state coalition secured $150 million in allowed claims, but due to 23andMe’s bankruptcy, the states will share an immediate $18 million payout.
Michigan’s Share
Michigan is set to receive $436,605 from the settlement. The breach impacted 162,865 people in Michigan. Michigan Attorney General Dana Nessel stated, ‘Protecting the personal information of Michigan residents has been one of my top priorities during my time in office, and we will not stand by when companies fail to safeguard consumer data.’
The trouble started in October 2023 when the direct-to-consumer DNA testing giant revealed a security failure. Hackers accessed customer records, including genetic ancestry details in some cases, and later put segments of that information up for sale on the dark web.
Investigation Findings
State investigators found that 23andMe ignored basic security practices, including failing to require multifactor authentication and not checking passwords against lists of known breached passwords. The company also missed a massive spike in unusual login attempts and failed to implement proper monitoring tools or fix known vulnerabilities.
The fallout eventually pushed 23andMe to file for bankruptcy in March 2025. As part of that process, the company’s assets and consumer data were sold to the TTAM Research Institute, a newly formed non-profit run by 23andMe founder Anne Wojcicki.
Original reporting: Tampa Free Press — read the source article.