Subsequent Events	6 Months Ended
Sep. 30, 2023
Subsequent Events [Abstract]
Subsequent Events	18. Subsequent Events Cyber Security Incident On October 10, 2023, the Company reported that certain profile information, which a customer creates and chooses to share with their genetic relatives in the DNA Relatives feature, was accessed from individual 23andMe.com accounts without the account users’ authorization (the “incident”). While the Company’s investigation is ongoing, it appears an unauthorized third party downloaded a file that included the data points of various users’ DNA Relatives profiles, and then created posts on other websites with links containing such information where other third parties could download this information. As of the filing date of this Quarterly Report on Form 10-Q, it is unclear who and how many third parties may download this information from such posts. Based on the Company’s investigation as of the filing date of this Quarterly Report on Form 10-Q, the Company does not have any indication at this time that there has been a data security incident within its systems, or that it was the source of the account credentials used in these attacks. As of the filing date of this Quarterly Report on Form 10-Q, the Company believes that the threat actor was able to access certain accounts in instances usernames and passwords that were used on 23andMe.com were the same as those used on other websites that had been previously compromised or otherwise available. The Company’s investigation into this matter is ongoing, and it is still discerning the implications of the incident. As of the filing of this Quarterly Report on Form 10-Q, as a result of this incident, multiple class action claims have been filed against the Company in federal and state court in California, as well as in British Columbia, which the Company is defending. These cases are at an early stage, and the Company cannot predict the outcome. The Company is also assessing its response to notices filed by consumers under the California Consumer Privacy Act and to inquiries from various governmental officials and agencies. The full scope of the costs and related impacts of this incident and the related litigation, including, without limitation, the availability of insurance to offset some of these costs, cannot be estimated at this time. Amendment to GSK Agreement On October 27, 2023, the Company entered into an amendment to the GSK Agreement (the “2023 GSK Amendment”) to provide GSK with a non-exclusive license to certain new, de-identified, aggregated data of the Company’s database (the “New Data”), as well as access to certain Company research services with respect to such New Data. The Company will receive a $20.0 million data access fee in two installments consisting of (i) $5.0 million following the execution of the 2023 GSK Amendment and (ii) the remaining $15.0 million after the date on which GSK receives the New Data from the Company, which is expected to be delivered by December 1, 2023. The New Data license will expire one year after GSK provides the Company with a notice that GSK is ready to use the New Data (notice is anticipated no later than September 30, 2024), unless the parties enter into a separate extension agreement. The 2023 GSK Amendment also enables the Company to opt-out of cost-sharing and other research and development obligations with respect to three programs initiated by GSK and the Company under the original GSK Agreement. The Company will retain rights to receive low to mid-single digit royalties on net sales of products developed in any such opted-out program. The foregoing summary of the 2023 GSK Amendment is qualified in its entirety by reference to the full text of the 2023 GSK Amendment, which is attached hereto as Exhibit 10.2 and incorporated herein by reference.

Subsequent Events

6 Months Ended

Sep. 30, 2023

18. Subsequent Events

Cyber Security Incident

On October 10, 2023, the Company reported that certain profile information, which a customer creates and chooses to share with their genetic relatives in the DNA Relatives feature, was accessed from individual 23andMe.com accounts without the account users’ authorization (the “incident”). While the Company’s investigation is ongoing, it appears an unauthorized third party downloaded a file that included the data points of various users’ DNA Relatives profiles, and then created posts on other websites with links containing such information where other third parties could download this information. As of the filing date of this Quarterly Report on Form 10-Q, it is unclear who and how many third parties may download this information from such posts. Based on the Company’s investigation as of the filing date of this Quarterly Report on Form 10-Q, the Company does not have any indication at this time that there has been a data security incident within its systems, or that it was the source of the account credentials used in these attacks. As of the filing date of this Quarterly Report on Form 10-Q, the Company believes that the threat actor was able to access certain accounts in instances usernames and passwords that were used on 23andMe.com were the same as those used on other websites that had been previously compromised or otherwise available. The Company’s investigation into this matter is ongoing, and it is still discerning the implications of the incident. As

of the filing of this Quarterly Report on Form 10-Q, as a result of this incident, multiple class action claims have been filed against the Company in federal and state court in California, as well as in British Columbia, which the Company is defending. These cases are at an early stage, and the Company cannot predict the outcome. The Company is also assessing its response to notices filed by consumers under the California Consumer Privacy Act and to inquiries from various governmental officials and agencies. The full scope of the costs and related impacts of this incident and the related litigation, including, without limitation, the availability of insurance to offset some of these costs, cannot be estimated at this time.

Amendment to GSK Agreement

On October 27, 2023, the Company entered into an amendment to the GSK Agreement (the “2023 GSK Amendment”) to provide GSK with a non-exclusive license to certain new, de-identified, aggregated data of the Company’s database (the “New Data”), as well as access to certain Company research services with respect to such New Data. The Company will receive a $20.0 million data access fee in two installments consisting of (i) $5.0 million following the execution of the 2023 GSK Amendment and (ii) the remaining $15.0 million after the date on which GSK receives the New Data from the Company, which is expected to be delivered by December 1, 2023. The New Data license will expire one year after GSK provides the Company with a notice that GSK is ready to use the New Data (notice is anticipated no later than September 30, 2024), unless the parties enter into a separate extension agreement. The 2023 GSK Amendment also enables the Company to opt-out of cost-sharing and other research and development obligations with respect to three programs initiated by GSK and the Company under the original GSK Agreement. The Company will retain rights to receive low to mid-single digit royalties on net sales of products developed in any such opted-out program.

The foregoing summary of the 2023 GSK Amendment is qualified in its entirety by reference to the full text of the 2023 GSK Amendment, which is attached hereto as Exhibit 10.2 and incorporated herein by reference.