Summary: A plan filed with the St. Louis bankruptcy court proposes that victims of a 2023 data breach at 23andMe receive a $46.75 million distribution under direction of the company’s bankruptcy administrator. The filing characterizes the payment as an "equitable outcome" that reflects the company’s financial condition and avoids further litigation. Court approval remains necessary before the plan can be implemented.
The administrator’s Wednesday night filing notes that the $46.75 million figure is $3.25 million below the maximum that the presiding judge in the Chapter 11 case authorized in January. From that sum, $14.29 million already distributed in connection with the breach will be deducted, yielding an additional payout of $32.46 million to be disbursed to victims, according to the filing.
The data security incident in 2023 exposed genetic information and other personal data for an estimated 6.9 million customers in the United States. The bankruptcy administrator reported that more than 255,860 claims have been resolved, while thousands of claims remain pending.
23andMe, which is based in Palo Alto, California, sought protection under Chapter 11 in March 2025. In its filing, the company cited the 2023 breach and the resulting litigation as primary drivers for the bankruptcy filing, and also pointed to increased competition and declining demand for genetic testing products.
In a related transaction last July, TTAM Research Institute - a nonprofit controlled by 23andMe co-founder Anne Wojcicki - purchased the company’s assets for $305 million. The company’s legal name is now Chrome Holding Co.
Despite the proposed payout for breach victims, the company continues to face legal exposure. Last month the California Attorney General, Rob Bonta, initiated a state-court lawsuit alleging that 23andMe ignored warnings that its systems had been compromised and that the company downplayed the severity of the breach. The attorney general is seeking potentially millions of dollars in civil fines.
Bankruptcy Judge Brian Walsh has not ruled on whether the state’s action may proceed. In January he had approved establishing a fund for data breach victims in the $30 million to $50 million range. The administrator’s proposed $46.75 million distribution sits within that previously authorized band but will still require the court’s formal approval before funds are released.
Contextual note: The administrator describes the proposed payment as a balance between maximizing recovery for claimants and reflecting the reorganized company’s financial constraints, while aiming to eliminate further costly litigation.