All active MDLs
MDL 3098Data Privacy & Security

23andMe, Inc., Customer Data Security Breach Litigation

Unauthorized disclosure of genetic and health data can lead to discrimination in employment and insurance, psychological distress from anxiety or stress related to genetic risks, and misuse of sensitive information for malicious purposes such as blackmail or identity theft. These harms are supported by legal and scientific literature, emphasizing the importance of privacy protections for genetic data.

CANSr. District Judge Edward M. ChenMaster docket 3:24-md-3098Source: JPML · Updated March 27, 2026

41

Pending actions

41

Total actions filed

Active

Status

04/11/2024

Established

Filing deadline

Claim submission deadlines for the settlements were in early 2026. The general statute of limitations for data breach claims in California is three years, and four years under federal law in the Northern District of California.

Who qualifies

Plaintiffs must have been U.S. customers of 23andMe during the Cyber Security Incident Period from May 1, 2023, to October 1, 2023, and received notice that their data was compromised. Eligibility for settlement claims depends on the specific types of data affected (e.g., raw genotype data, health reports, self-reported health conditions) and the damages incurred.

Products involved

  • Ancestry Service
  • Health + Ancestry Service
  • Health-only Service
  • 23andMe+ Premium
  • Total Health Platform

Alleged injuries

  • violations of privacy
  • emotional distress
  • identity theft risk
  • potential for discrimination
  • misuse of sensitive genetic data

Bellwether trials

There is no evidence of bellwether trials being scheduled or conducted in this MDL. The litigation was resolved through class action settlements, including a $30 million settlement approved in 2024 and a $50 million settlement approved in early 2026.

Settlement landscape

Settlements include payouts up to $165 for general claims and up to $10,000 for 'Extraordinary Claims' involving hardships from the breach. The overall settlement amounts were $30 million and $50 million.

Lead counsel

  • Cari Laufenberg (Keller Rohrback)
  • Gayle M. Blatt (Casey Gerry)
  • Maureen M. Brady

This page is generated from the official JPML pending-MDL report and public court records, refreshed monthly. It is provided for attorney reference and is not legal advice.

MDL Match

Your next intake could have a mass tort hiding in it.

Screen it against 158+ active MDLs. Takes under 60 seconds.

Start matching now