Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

23andMe Faces New Security Mandates in $18m Data Breach Settlement

July 17, 2026

New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email

July 17, 2026

Government Agencies Falling Victim to Ransomware Daily, Warns Study

July 17, 2026
Facebook X (Twitter) Instagram
Saturday, July 18
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»23andMe Faces New Security Mandates in $18m Data Breach Settlement
News

23andMe Faces New Security Mandates in $18m Data Breach Settlement

Team-CWDBy Team-CWDJuly 17, 2026No Comments3 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


A settlement of $18m has been reached between a coalition of 42 US attorneys general and genetic testing firm 23andMe following the 2023 data breach.

New York Attorney General Letitia James and the bipartisan coalition has also ensured new data protection requirements to secure 23andMe customer data. 23andMe will also pay more than $705,000 to New York.

In October 2023, the genetics testing firm confirmed that customers had profile information accessed by cybercriminals following a credential stuffing campaign.

At the time of the incident, the company said that the hack was not the result of attackers infiltrating the firm’s own network, rather it was customers’ poor password management including the lack of multi-factor authentication (MFA).

Over six million individuals’ information was accessed from the data breach including information about ancestry.

In March 2025, 23andMe filed for bankruptcy protection. A statement issued by Attorney General James said that herself and the coalition filed claims related to the data breach investigation.

In June 2025, Attorney General James and a bipartisan coalition of 27 other attorneys general sued 23andMe to protect Americans’ personal genetic information during the company’s bankruptcy.

As a result of the bankruptcy, 23andMe’s customer data was sold to TTAM Research, a non-profit formed by 23andMe’s founder and former CEO Anne Wojcick.

Attorney General James and the coalition have secured new information and data security requirements at TTAM to protect customers’ data and prevent future breaches.

The security measures include:

  • Appropriate risk analysis
  • The addition of an Advisory Board on data security
  • Continuing to offer consumers the right to delete their information

“Companies have a duty to protect their customers’ personal information from hackers, but 23andMe put millions of its customers at risk with its flimsy security measures,” said Attorney General James. “New Yorkers trusted 23andMe with their sensitive and personal genetic data, only to find that data stolen and put up for sale on the dark corners of the internet. As a result of our coalition’s action, 23andMe will pay for violating the law and strict rules will be put in place to protect their customers.”

Infosecurity has reached out to 23andMe in relation to the $18m settlement and security requirements.

This is in addition to a $46.75 ​million settlement which was approved by a US bankruptcy judge on July 7, to be awarded as compensation to victims of the data breach.

However, on 10 July, a bankruptcy judge said California cannot seek damages ​from the company because of their Chapter 11 reorganization plan, according to reporting by Reuters. However, the judge said California has 14 days to either dismiss its ⁠May 28 lawsuit, which was issued by Attorney General of California Rob Bonta, or amend ​the complaint to eliminate the claims for monetary relief.

The company was also fined €2.4m ($2.75m) in July 2026 by the Spanish privacy watchdog as 2642 customers residing in Spain were affected.

In June 2025, the UK’s Information Commissioner’s Office fined 23andMe £2.3m ($3.1m) for failing to protect customers’ special category data.



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleNew MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email
Team-CWD
  • Website

Related Posts

News

New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email

July 17, 2026
News

Government Agencies Falling Victim to Ransomware Daily, Warns Study

July 17, 2026
News

The Case for Combining Autonomous AI with Analyst Copilots

July 17, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

The quest for greater tech independence

May 19, 2026

Why geopolitical turmoil is a gift for scammers, and how to stay safe

May 15, 2026

Mobile app permissions (still) matter more than you may think

February 27, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.