News

Actions

Tennessee to receive $348K in 23andMe data breach settlement

California 23andMe Lawsuit
Posted

NASHVILLE, Tenn. (WTVF) — Tennessee is set to receive nearly $349,000 as part of a multistate settlement over a 2023 data breach at genetic testing company 23andMe.

Tennessee Attorney General Jonathan Skrmetti joined attorneys general from 42 other states and the District of Columbia in securing the settlement with the company’s bankruptcy trustee. Altogether, states will recover $18 million.

The breach exposed the genetic and personal information of 6.9 million customers worldwide, including 116,395 people in Tennessee. The information included genetic ancestry data and other personal details.

“When the privacy of our genetic information is compromised, we can never get that back. The security of our genome matters not just for us, but for our families,” Skrmetti said.

He said the settlement holds 23andMe accountable and is a reminder that companies need to do more to protect sensitive consumer information.

The multistate investigation found that 23andMe did not have reasonable safeguards in place to protect customers from credential stuffing attacks, which happen when hackers use stolen usernames and passwords to access other accounts.

Investigators also found the company did not adequately monitor suspicious activity or quickly respond to known security problems. According to the Tennessee Attorney General’s Office, 23andMe delayed acknowledging the breach and initially blamed customers.

23andMe filed for bankruptcy in 2025. Its assets, including customer genetic data, were later sold to TTAM Research Institute.

As part of the bankruptcy proceedings, the buyer agreed to stronger privacy and security protections. Those include ongoing risk assessments, independent oversight and continued customer rights to delete their genetic information.