The ancestry profiles and family data of nearly seven million people, stolen in 2023 and scattered across the dark web, now carry a court-approved price tag of $46.8 million. A Missouri bankruptcy administrator approved the fund Wednesday, settling the largest claims against the company once known as 23andMe and now operating under the name Chrome Holding Co.
What the hackers took cannot be reset. A password gets changed after a breach and a stolen credit card gets canceled within hours. Your ancestry and ethnic background do not change and neither does the web of relatives you connect to, which exposes people who never signed up for anything.
The ancestry estimates, predicted family relationships, birth years and self-reported locations they harvested are enough to identify someone and the people related to them and that information stays true for life.
This was the data 23andMe failed to protect, starting around April 2023 and running for roughly five months before the company disclosed the intrusion in an October blog post.
Attackers reused login credentials harvested from earlier breaches on other sites, slipping into a sliver of accounts whose owners had recycled their passwords. From there the damage spread through DNA Relatives, an opt-in feature built to let customers find genetic kin. The hacker reached 5.5 million DNA Relatives profiles and pulled information on another 1.4 million people who used a tool called Family Tree, turning a feature designed for connection into a map of who is related to whom.
Victims who filed claims will divide $32.5 million of the fund, with individual payouts running from $50 to $10,000 for extraordinary losses such as identity fraud and mental health treatment.
The administrator has resolved more than 255,860 claims so far, and thousands remain pending. The remaining $14.29 million goes to Kroll, the firm processing the claims and roughly $13 million of that was covered by cyber insurance policies from Allied World, Tokio Marine’s Houston Casualty, Berkshire Hathaway’s Landmark American, and underwriters at Lloyd’s. The people whose data was exposed carry the permanent risk, and the insurers carry most of the bill.
Plaintiffs had asked for $48 billion. The administrator landed on a figure several orders of magnitude lower, citing a federal court’s finding that an earlier $30 million deal was “reasonable in light of the Company’s dire financial condition.”
The administrator called the result an “equitable outcome” that avoids more litigation and reflects what the company can actually pay. The final number sits $3.25 million under the $50 million ceiling that Judge Brian Walsh authorized back in January.
The harm was never evenly distributed. After the breach, compilations of stolen profiles surfaced for sale on the dark web. Ancestry data sorted by ethnicity and offered to buyers is the kind of exposure no payout reverses.
The company that gathered all of this is mostly gone. 23andMe filed for Chapter 11 in March 2025, sold most of its assets for more than $300 million, and was bought back by co-founder Anne Wojcicki over objections from regulators.
California tried to block the sale, arguing that its Genetic Information Privacy Act required opt-in consent before genetic data could change hands, and lost. Late in May, the state sued Chrome Holding Co. for failing to protect customer data in the first place. The corporate shell keeps changing names.
2 Responses
Lol sold their DNA for $50.
It’s the same people who keep line game casinos and televangelists and shop-at-home TV in business..
Typically old widows living off husbands pension and social security, or shut-ins with some form of inheritance that keeps them from competing in the real world..
People keep talking about how bad America’s economy is but I see a lot of these people everywhere.. Not sure how an economy is “bad” if you got endless dumb lazy people living a life of leisure under it..