If you were a 23andMe customer whose personal data was stolen in the October 2023 cyberattack, the process for filing a claim through the $30 million settlement was straightforward but time-sensitive — and unfortunately, the deadline has now passed. The claim filing window closed on February 17, 2026, at 11:59 p.m. Central Time, meaning cash compensation is no longer available to new filers. For example, if you received a notice from 23andMe that your genetic or personal information was compromised but did not submit a claim form at 23andmedatasettlement.com before that date, you cannot retroactively file for a cash payment.
That said, this article still serves an important purpose. If you did file before the deadline, understanding the settlement structure helps you know what to expect in terms of payment amounts and timing. If you missed the deadline, you should know that you are still entitled to five years of free Privacy & Medical Shield plus Genetic Monitoring services. This article walks through what the filing process looked like step by step, what compensation categories existed, who qualified, and what options remain for those who did not file in time.
Table of Contents
- What Were the Steps to File a 23andMe Data Breach Settlement Claim Online?
- Who Was Eligible for Compensation and What Were the Limits?
- Breaking Down the Four Compensation Categories
- What to Do If You Missed the February 17, 2026, Deadline
- Common Problems Filers Encountered During the Claims Process
- How This Settlement Compares to Other Data Breach Cases
- What Happens Next for 23andMe Settlement Class Members
- Frequently Asked Questions
What Were the Steps to File a 23andMe Data Breach Settlement Claim Online?
The online filing process at 23andmedatasettlement.com required claimants to first confirm their eligibility — specifically, that they were a 23andMe customer between May 1, 2023, and October 1, 2023, that they resided in the United States during that window, and that they received notice from the company that their personal information was compromised. Once eligibility was confirmed, filers selected which compensation categories applied to them: Extraordinary Claims for documented out-of-pocket losses up to $10,000, Health Information Claims worth up to $165, or State Statutory Claims estimated at $100 for residents of Alaska, California, Illinois, or Oregon. After selecting the relevant claim type, filers entered their personal details and, for Extraordinary Claims, uploaded supporting documentation such as receipts for credit monitoring services purchased, invoices from identity theft resolution, or records of mental health treatment tied to the breach.
The form then required an electronic signature and attestation that the information provided was accurate. Mailed claims were also accepted, but those had to be postmarked by February 17, 2026. The online option was generally faster and provided immediate confirmation of submission, while mailed claims carried the risk of postal delays and lacked a real-time receipt.

Who Was Eligible for Compensation and What Were the Limits?
Eligibility hinged on three specific requirements. You needed to have been an active 23andMe customer during the period from May 1, 2023, through October 1, 2023. You had to have been a U.S. resident during that time. And you had to have received a data breach notification from 23andMe confirming that your personal information was part of the roughly 6.4 million records stolen in the cyberattack first disclosed on October 6, 2023. However, meeting these baseline criteria did not guarantee a specific dollar amount.
The actual payout depended on which claim category you fell into and how many total valid claims were submitted. If the total approved claims exceeded the $30 million fund — which was approved by U.S. Bankruptcy Judge Brian C. Walsh and received final court approval on January 20, 2026 — payments would be reduced on a pro rata basis. So if you filed a Health Information Claim expecting $165, but the number of valid claims across all categories drained the fund, your actual check could be lower. This is a common reality in class action settlements, and it is worth noting that the original revised proposal during bankruptcy proceedings was $50 million before being finalized at $30 million.
Breaking Down the Four Compensation Categories
The settlement established four distinct tiers of compensation. Extraordinary Claims topped out at $10,000 and required hard documentation of unreimbursed costs directly caused by the breach. This could include charges for identity theft protection services you purchased after the breach, fees paid to freeze or monitor credit reports, costs associated with replacing compromised identification documents, or bills from mental health professionals if the breach caused documented emotional distress.
A claimant who, for instance, spent $400 on a premium identity monitoring service and $150 on a therapist visit specifically because they feared their genetic data was being misused could submit receipts for $550 in total. Health Information Claims paid up to $165 and applied to anyone who received a specific notification that their health-related data — not just contact information — was accessed. State Statutory Claims, estimated at $100, were limited to residents of Alaska, California, Illinois, or Oregon, states with genetic privacy statutes that provided additional legal grounds. Finally, all eligible class members received five years of free Privacy & Medical Shield plus Genetic Monitoring services regardless of whether they filed a cash claim, which represents the one benefit still accessible even after the filing deadline.

What to Do If You Missed the February 17, 2026, Deadline
If you did not file by February 17, 2026, your options for cash compensation are effectively closed. There is no general extension or grace period for the standard claim submission. The one narrow exception: if you received a 2026 email notice from the settlement administrator that stated a different deadline, that alternate date may apply to you specifically. Short of that, the window is shut.
The tradeoff you face now is between doing nothing and actively enrolling in the monitoring services. While you cannot collect a cash payment, the five-year monitoring package — which includes genetic data monitoring, a feature not commonly offered in standard breach settlements — still carries real value. Consider that comparable identity and health monitoring services on the open market can cost $20 to $30 per month, meaning the free coverage could be worth over $1,000 across the five-year period. If you have not already enrolled, contact the settlement administrator at (833) 621-5792 or info@23andMeDataSettlement.com to confirm your eligibility for the monitoring benefit. You can also visit 23andmedatasettlement.com for enrollment details.
Common Problems Filers Encountered During the Claims Process
One recurring issue was documentation gaps for Extraordinary Claims. Many people who experienced identity theft or purchased monitoring services after the breach did not keep detailed receipts, making it difficult to substantiate claims. The settlement required that costs be both unreimbursed and directly tied to the 23andMe breach specifically, not to other unrelated data breaches that may have occurred around the same time. If your bank or credit card company already refunded fraudulent charges, those amounts could not be claimed again through this settlement.
Another complication arose from the bankruptcy context. 23andMe filed for bankruptcy during the settlement process, which added uncertainty about whether the $30 million fund would be fully funded and distributed. The preliminary approval came on October 2, 2025, and final approval was not granted until January 20, 2026, by the U.S. Bankruptcy Court for the Eastern District of Missouri — leaving a relatively short window before the February 17 deadline. Some class members reported confusion about whether the settlement was even proceeding, given the company’s financial difficulties. If you filed a claim and are waiting for payment, be aware that distribution timelines in bankruptcy-related settlements tend to run longer than in standard class actions.

How This Settlement Compares to Other Data Breach Cases
The 23andMe settlement stands out because of the nature of the data involved. Unlike a credit card breach where you can simply get a new card number, genetic information is permanent and cannot be changed.
This is why the settlement included genetic monitoring as part of its relief package — a category of protection that did not exist in earlier landmark breach settlements like Equifax or Yahoo. The $30 million fund, while substantial, works out to less than $5 per affected person if all 6.4 million U.S. residents filed claims, which underscores why the tiered claim structure existed to direct more money toward those who suffered documented harm.
What Happens Next for 23andMe Settlement Class Members
For those who filed valid claims, the next step is waiting for the settlement administrator to process and verify submissions. Payments will be distributed after all claims have been reviewed, and any disputes or objections have been resolved. Given the bankruptcy proceedings, this process could take several additional months beyond what a typical class action settlement would require.
Looking ahead, the 23andMe case has prompted renewed attention from state legislators on genetic data privacy. The fact that residents of Alaska, California, Illinois, and Oregon received a separate statutory claim category reflects existing genetic privacy laws in those states, and similar legislation is being considered elsewhere. If you are concerned about the long-term security of your genetic data — whether from 23andMe or any other direct-to-consumer testing company — this settlement serves as a concrete reminder to review what data these companies hold and what rights you have to request its deletion.
Frequently Asked Questions
Can I still file a 23andMe data breach settlement claim?
No. The claim deadline was February 17, 2026, and has passed. Cash claims are now closed. The only exception would be if a 2026 email notice you received from the settlement administrator listed a different deadline.
How much money will I receive from the 23andMe settlement?
It depends on your claim category. Extraordinary Claims could pay up to $10,000 with proper documentation, Health Information Claims up to $165, and State Statutory Claims an estimated $100 for residents of Alaska, California, Illinois, or Oregon. Actual amounts may be reduced pro rata if total claims exceed the $30 million fund.
I missed the deadline. Do I get anything?
You are still eligible for five years of free Privacy & Medical Shield plus Genetic Monitoring services. Contact the settlement administrator at (833) 621-5792 or info@23andMeDataSettlement.com to enroll.
How do I know if my health information was compromised?
23andMe sent specific notifications to customers whose health-related data was accessed. If you received such a notice, you qualified for the Health Information Claim category worth up to $165. Check your email archives for communications from 23andMe sent after the October 6, 2023, breach announcement.
When will settlement payments be sent out?
No specific payment date has been announced. The final court approval was granted on January 20, 2026, and the claims review process is ongoing. Given that the settlement is being administered through bankruptcy court, distribution may take additional months.
What documentation was needed for an Extraordinary Claim?
You needed receipts, invoices, or statements showing unreimbursed costs directly caused by the 23andMe breach. Examples include bills for identity theft monitoring services, credit freeze fees, costs to replace identification documents, charges for mental health treatment related to the breach, and records of time spent resolving identity theft at $30 per hour.
