:

23ANDME PAYS $18M FOR GENETIC DATA BREACH

SECURITY DESK1 MIN READ
THU, JUL 16, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Genetic testing company 23andMe has agreed to an $18 million settlement with 43 state attorneys general over failure to protect customer genetic data.

The settlement resolves allegations that 23andMe inadequately safeguarded sensitive genetic information. The company failed to implement reasonable security measures, leaving customer DNA profiles and ancestry data vulnerable to unauthorized access. The breach exposed millions of users' genetic information, raising concerns about privacy and data protection in the biotech industry. Regulators argued the company did not adequately warn customers about security risks or obtain proper consent for data handling practices. 23andMe operates one of the largest consumer genetic databases globally. The company has faced increasing scrutiny over data privacy practices as genetic testing becomes more mainstream. This settlement marks one of the largest penalties against a direct-to-consumer genetics company. The $18 million will be distributed among the states involved in the settlement. Additionally, 23andMe agreed to strengthen its security protocols and implement enhanced data protection measures going forward.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Traditional security workflows designed for human-speed operations are inadequate for AI agents, requiring organizations to rebuild defenses around live identity foundations and customizable threat responses.

1H AGOAI Desk

Two members of the Scattered Spider cybercrime collective have been sentenced to five years and six months in prison each for a 2024 cyberattack that disrupted Transport for London.

3H AGOAI Desk

Russian threat actor UAT-11795 is distributing trojanized versions of popular video conferencing apps to deploy Starland, a new backdoor capable of stealing credentials and cryptocurrency.

5H AGOSecurity Desk

A new ransomware group called Spirals has demonstrated rapid attack capabilities, completing full network encryption within a single day. The threat actor moved from initial access through data theft to encryption faster than most ransomware operations.

5H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.