23andMe Nets Approval of Data Breach Settlements in Bankruptcy

A bankruptcy judge preliminarily approved settlements resolving a bulk of customer claims over 23andMe’s 2023 data breach, marking a key step in the DNA testing company’s effort to exit Chapter 11.

Judge Brian C. Walsh of the US Bankruptcy Court for the Eastern District of Missouri on Friday signed off on three separate agreements, two of which relate to the incident that impacted nearly 7 million people and prompted dozens of lawsuits nationwide and internationally.

The US settlement establishes a fund of between $30 million and $50 million and a Canadian fund of $3.25 million (CA$4.49 million).

The funds would pay for extraordinary losses, such as identity fraud and mental health treatment. The US deal includes five years of identity monitoring and $165 checks for those whose health data was compromised.

Walsh found the settlements were fair and equitable. He said if he ultimately approves the US deal on a final basis, it would be a “superior way” of settling the hundreds of thousands of claims.

While some people may be excluded from the “extraordinary loss” payouts, they would still receive some level of relief, he said, such as insurance plan monitoring.

A committee of equity holders opposed the US deal during a Thursday hearing, saying it leaves a $20 million gap that could spark further litigation. The committee was also concerned about a high risk of people opting out of the deal to pursue claims.

Lawyers representing the company and the putative class argued that it was less risky to mediate or litigate over a narrower issue than to fight in court over class certification and data breach claims, which could take years.

The judge said a fixed amount in the US settlement would be easier, but it wasn’t enough to reject the settlement.

While the opt-out exposure is “a possibility,” he said, at this point the company must use its business judgment.

“We will see how people react to it in a final hearing,” Walsh said.

The final hearing hasn’t yet been scheduled.

The settlements help address most of more than 250,000 claims tied mainly to the breach, valued at more than $51 trillion.

The approval is an important step for 23andMe, now called Chrome Holding Co., which filed for bankruptcy in March and is working to secure court approval of its bankruptcy plan after selling nearly all its assets in the summer for just over $300 million.

Walsh also on Friday approved a separate $3.25 million settlement with plaintiffs who sued Lemonaid Health and LMND Medical Group in the Northern District of California last year, alleging improper website tracking.

Walsh signed off on another settlement reached earlier this year between 23andMe and roughly 30,000 data breach victims who opted out of the US cyber class and filed arbitration claims, despite objections from the arbitration claimants.

The arbitration group argued Thursday that the deal wasn’t executable and that the “unexpected change of circumstances”—namely the sale of 23andMe’s assets to its cofounder and a related nonprofit—since the bankruptcy began rendered the agreement terms “no longer fair or equitable.” The terms haven’t been publicly disclosed.

23andMe argued that the arbitration claimants were bound by the contract when their lawyers signed the agreement on their behalf.

Walsh rejected arguments that the deal was invalid because lawyers, not claimants, signed it, noting they were authorized to act on their clients’ behalf.

The DNA testing firm is represented by Paul, Weiss, Rifkind, Wharton & Garrison LLP and Carmody MacDonald PC.

The case is Chrome Holding Co., Bankr. E.D. Mo., No. 25-40976, hearing 9/26/25.