The company called the settlement “fair, adequate, and reasonable” and told PCMag it’s intended to settle all US claims concerning last year’s breach, which exposed customer data on 23andMe to a hacker. The attacker pulled this off by first breaching 14,000 accounts, and then exploiting the service’s optional “DNA relatives” feature to access the profiles of millions of other users.

The breach became evident after the hacker tried to sell the stolen DNA-related information in a forum at $100,000 per 100,000 user profiles. The incident prompted some victims to hire lawyers and file class action lawsuits, alleging that 23andMe had failed to protect their data.