Published 39 minutes ago • loading... • Updated 7 hours ago

California sues 23andMe, alleging it failed to protect user data in 2023 breach

On Thursday, California Attorney General Rob Bonta sued Chrome Holding, the firm formerly known as 23andMe, alleging it failed to protect sensitive user data in a 2023 breach affecting an estimated 6.9 million customers.
Hackers exploited the company's lack of basic security protocols by using "credential stuffing"—reusing passwords from prior breaches—allowing threat actors to operate undetected within 23andMe systems for over five months before demanding a ransom.
Stolen data specifically targeted about 1.1 million Asian-Pacific Islander and Ashkenazi Jewish users. Bonta called the exposure "disturbing and incredibly dangerous" amid "mounting anti-Asian American and Pacific Islander and antisemitic hate and violence."
Chrome Holding previously agreed to pay $50 million in January to resolve most U.S. customer claims during bankruptcy; the new lawsuit now seeks civil penalties and injunctions blocking further violations of California privacy law.
The ICO investigated the breach, finding 155,592 UK residents were affected, while Bonta's lawsuit aims to enforce California law mandating "one of the highest levels of protection" for genetic information.

Insights by Ground AI

32 Articles

California sues 23andMe over 2023 data breach that affected 7 million users

California AG Rob Bonta has sued 23andMe over the 2023 data breach that led to the sale of 7 million users' data on the dark web.

7 hours ago·United States

Read Full Article

cnet

Center

23andMe Sued by California Over Massive 2023 Data Breach

Attorney general calls the company's security measures "lax" and says it failed to adequately investigate warnings its systems had been compromised.

12 hours ago·New York, United States

Read Full Article

Newser

Lean Left

California Sues Owner of Former 23andMe

California is taking the company once known as 23andMe to court over what it calls a deeply mishandled leak of genetic data. State Attorney General Rob Bonta on Thursday sued Chrome Holding Co., 23andMe's post-bankruptcy successor, saying it failed to safeguard highly sensitive information—including health indicators, DNA profiles, and...

13 hours ago·Miami, United States

Read Full Article

CBS News

Center

California sues former 23andMe over 2023 ancestry and genetic data breach

California is suing the company formerly known as 23andMe over its 2023 breach of ancestry and genetic data, one of the most consequentilal data breaches ever.

17 hours ago·United States

Read Full Article

Reuters

+3 Reposted by 3 other sources

Center

California sues 23andMe over large 2023 data breach

17 hours ago·New York, United States

Read Full Article

Associated Press News

+16 Reposted by 16 other sources

Lean Left

California sues 23andMe, alleging it failed to protect user data in 2023 breach

California’s attorney general is suing the genetic testing company formerly known as 23andMe, alleging it failed to protect sensitive user data in a 2023 breach that affected nearly 7 million people across the country.

18 hours ago·New York, United States

Read Full Article

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/year