Canadian consumers affected by the 23andMe data breach are eligible to claim up to CAD$2,500 in compensation through a class action settlement approved in March 2026. The settlement distributes approximately CAD$4.5 million (US$3.25 million) among affected users in Canada. Most eligible claimants will receive an ordinary claim payment of approximately CAD$17.77 automatically, while those who incurred documented expenses as a result of the breach can pursue extraordinary claims up to the CAD$2,500 maximum.
The 23andMe incident exposed personal information of approximately 6.9 million users globally when the company disclosed a cybersecurity breach in October 2023. Canadian customers are now being notified of their eligibility through the official settlement portal. This article covers who qualifies, what types of claims are available, how to file, what documentation you’ll need, and the critical June 25, 2026 deadline you need to know.
Table of Contents
- Who Qualifies for the 23andMe Canadian Settlement?
- Understanding the Data Breach That Led to This Settlement
- Two Types of Claims—Ordinary and Extraordinary
- How to File Your Claim Before the June 25 Deadline
- Common Issues That Could Disqualify Your Extraordinary Claim
- What Documentation Counts for Extraordinary Claims
- Broader Steps to Protect Yourself After a Data Breach
- Conclusion
Who Qualifies for the 23andMe Canadian Settlement?
To be eligible for the 23andMe settlement, you must meet four specific criteria. First, you must have been a 23andMe customer between may 1, 2023 and October 1, 2023—this is the relevant window when the company had access to your data. Second, you had to be a Canadian resident during that period. Third, you must have received a breach notification from 23andMe confirming your data was affected.
Fourth, you cannot have actively opted out of the settlement before the deadline. The May to October 2023 eligibility window captures customers who were paying for the service during this specific period. For example, someone who cancelled their 23andMe subscription in March 2023 would not qualify, even if they were a long-time customer. Similarly, someone who created an account after October 2023 would not be included. The company has compiled lists of affected users and will be contacting eligible claimants directly through the official settlement website at canadian23andmesettlement.ca.
Understanding the Data Breach That Led to This Settlement
On October 1, 2023, 23andMe publicly disclosed that a cybersecurity incident had exposed the personal information of approximately 6.9 million users worldwide. The breach resulted in unauthorized access to sensitive customer data, prompting regulatory investigations and legal action from affected users. The scope of the incident and the type of personal information exposed—including genetic information and family connections in some cases—led regulators and courts to approve this settlement as a fair resolution for Canadian claimants.
The settlement process took several months to negotiate and obtain court approval. However, if you changed your mind about the settlement after it was approved, you still had opportunities to opt out during the formal notice period. Now that the claims period has opened, you cannot withdraw your opt-out request. The company has set aside these settlement funds specifically to compensate people who experienced harm or incurred expenses because of unauthorized access to their sensitive personal information.
Two Types of Claims—Ordinary and Extraordinary
The settlement offers two distinct claim pathways, and understanding the difference is crucial. An ordinary claim requires no documentation and provides a pro-rata payment to all eligible claimants. Based on the total settlement amount divided among eligible users, ordinary claimants will receive approximately CAD$17.77. This payment processes automatically—you don’t need to submit receipts, proof of expenses, or detailed explanations.
If you simply want to claim your share without pursuing further compensation, this is your option. An extraordinary claim allows you to seek up to CAD$2,500 in reimbursement for documented, out-of-pocket expenses directly caused by the breach. These expenses must have been incurred between October 1, 2023 and March 31, 2024, and could include purchases of security monitoring systems, home security hardware, credit monitoring services, or professional mental health counseling. The key difference is that extraordinary claims require documentation proving both that you incurred the expense and that it was directly related to the breach. For example, if you purchased a credit monitoring service specifically because of the 23andMe breach notification, you could claim that cost with your subscription receipt and a brief explanation linking it to the incident.
How to File Your Claim Before the June 25 Deadline
The claims period opened on March 27, 2026, and you have until June 25, 2026 at 11:59 PM PT to file. This gives claimants approximately three months to gather documentation and submit their claims through the official portal at canadian23andmesettlement.ca. Filing is straightforward: visit the website, verify your eligibility, and choose between an ordinary or extraordinary claim. For ordinary claims, the process is nearly instant. For extraordinary claims, you’ll upload documentation supporting your expenses.
Time is important because the June 25 deadline is absolute. Unlike some settlement processes that allow late claims in certain circumstances, missing this deadline typically results in forfeiture of your claim entirely. Start your claim process soon rather than waiting until June. If you’re pursuing an extraordinary claim, gather your documentation now—receipts, credit card statements, invoices, and any correspondence linking the purchase to the 23andMe breach. The settlement administrator reviews claims and processes payments according to the documented evidence you provide.
Common Issues That Could Disqualify Your Extraordinary Claim
While ordinary claims are straightforward, extraordinary claims face scrutiny regarding whether expenses truly resulted from the breach. A common issue is lack of documentation. If you paid cash for a security system, throwing away the receipt, you’ll struggle to prove the purchase and its amount. The settlement requires actual receipts or proof of payment, not vague recollections of spending. Additionally, expenses must be directly attributable to the breach—not general cybersecurity improvements you would have made anyway.
Another limitation is the time window. You cannot claim expenses from before October 1, 2023 (when 23andMe first notified of the breach) or after March 31, 2024. If you installed security monitoring in September 2023 and tried to claim it, the settlement administrator would deny it because the date precedes the breach notification. Similarly, expenses incurred in April 2024 or later fall outside the eligible window. The settlement is designed to cover only the direct, immediate harm period, not ongoing expenses years later. If you’re unsure whether a particular expense qualifies, document it anyway—submit it with clear explanation and let the settlement administrator make the determination.
What Documentation Counts for Extraordinary Claims
For extraordinary claims to succeed, you need specific types of documentation. Physical security or monitoring system purchases require itemized receipts showing what you bought and how much you paid. For professional mental health counseling, you’ll need invoices from the provider with dates of service and amounts paid. If you used insurance, you’ll need documentation showing the out-of-pocket portion you personally paid.
Credit monitoring services often generate monthly subscription confirmations that serve as proof. A concrete example: if you contacted a therapist specifically because the breach caused stress about your genetic information being exposed, you’d submit the therapy invoice with your name and dates of service, plus a brief statement explaining that you sought this treatment because of the 23andMe breach. If a home security company installed motion sensors following the breach, you’d submit the installation invoice and a statement linking the timing to the breach notification. The settlement doesn’t require extensive evidence of emotional distress—just documentation that the expense happened and a reasonable connection to the breach. Keep these documents organized and uploaded clearly through the portal.
Broader Steps to Protect Yourself After a Data Breach
While the settlement provides compensation, it doesn’t restore what was lost—the privacy violation itself. Beyond filing your claim, consider monitoring your credit reports for the next few years to detect identity theft early. The three major Canadian credit bureaus (Equifax Canada, TransUnion, and Experian) allow you to check your reports for free annually. If you notice unauthorized accounts or inquiries tied to the breach, you can place a fraud alert on your file.
Additionally, this breach highlights why genetic and health data deserves special protection. If you’ve used other genetic testing services or health tracking platforms, review their privacy policies and security practices. Consider enabling multi-factor authentication on any accounts containing sensitive information. The settlement is a one-time remedy; ongoing vigilance is your best defense against future breaches and their consequences.
Conclusion
If you were a 23andMe customer in Canada between May and October 2023, you have until June 25, 2026 to claim your settlement compensation. The process is simple for ordinary claims—approximately CAD$17.77 requires no documentation. Extraordinary claims offering up to CAD$2,500 require proof that you incurred specific, documented expenses directly tied to the breach between October 2023 and March 2024.
Start your claim at canadian23andmesettlement.ca today rather than waiting until the deadline approaches. Gather any documentation supporting extraordinary expenses—receipts, invoices, statements—and submit your claim with clear explanations linking each expense to the breach. The June 25 deadline is firm, and missing it forfeits your claim entirely. This settlement represents compensation for privacy harm; while it doesn’t undo the breach, it acknowledges the legitimate costs and disruption affected Canadian consumers experienced.