Among our most sensitive information is our health data and among that, our genetic information may be the most sensitive still. This data not only ties us to family—both known and unknown—it can be predictive of future health concerns and even be grounds to forgo having children or not hire a prospective employee. So, when 23andMe loses the genetic data of 7 million people, tremendous damage can be done.

The ancestry research firm, 23andMe, announced in October 2023 that beginning several months earlier, hackers had begun downloading customer data. Before the breach was discovered, over half their customers’ data had been stolen. Now, because the company delayed notifying customers and did little to mitigate the damage done, a class action suit has been filed resulting in settlements of between $100 and $10,000 per affected customer. Those who can prove they suffered hardship (such as identity fraud) due to the breach are likely to receive higher compensation.

In addition to the cash settlements, 23andMe is offering impacted customers three years of security monitoring including web and dark web monitoring. As always, in addition to relying on monitoring, customers should check their credit regularly but also contact family members whose data might have been compromised as a result of their genetic connections to them. Just as the branches of a family tree spread and split, the total reach of this breach is likely to continue to grow for a long time to come.