it

California Attorney General sues 23andMe successor for 2023 data breach

Published: (May 28, 2026 at 02:28 PM EDT)
2 min read
Source: BBC Technology

Source: BBC Technology

California Attorney General sues 23andMe successor for 2023 data breach

Reuters – The 23andMe logo is seen at a genealogical convention. The logo is on a bright, white display stand at the front of a carpeted exhibition stall for the company, with people in light blue uniform shirts and others in plain clothes around a table in the background.

California Attorney General Rob Bonta announced that he will sue DNA‑testing firm Chrome Holding following a probe, alleging that its predecessor, 23andMe, failed to protect sensitive customer data.

The alleged failure resulted in a 2023 data breach that exposed genetic predispositions, risk factors, ancestry information, and details about biological relatives for nearly seven million users.

“Our investigation found that the company failed to take basic steps to protect users’ data,” Bonta said, adding that 23andMe “lied to consumers about the severity of its 2023 data breach.”

The BBC has requested comment from Chrome Holding. The company was rebranded after 23andMe filed for bankruptcy last year.

Bonta also alleges that threat actors sold the compromised 23andMe data on the dark web, specifically targeting Asian American Pacific Islander (AAPI) and Jewish users. He described this as “disturbing and incredibly dangerous,” noting it occurred amid a rise in anti‑Asian American, Pacific Islander, and antisemitic hate and violence.

The breach involved a credential‑stuffing attack, where hackers reused passwords exposed in previous breaches to access 23andMe accounts with similar credentials.

International regulatory response

  • The UK’s Information Commissioner’s Office (ICO) reported that personal data of 155,592 UK residents was accessed.
  • The ICO’s investigation, coordinated with Canada’s privacy commissioner, found that 23andMe violated UK law by failing to implement appropriate authentication and verification measures during login.
  • The company has made “several binding commitments to enhance protections for customer data and privacy.”

Public concerns

Some users expressed worry that insurance companies might purchase their genetic data and use it to determine coverage eligibility.

Background on 23andMe

  • Co‑founded by Anne Wojcicki (sister of the late YouTube CEO Susan Wojcicki and ex‑wife of Google co‑founder Sergey Brin).
  • Notable customers have included Snoop Dogg, Oprah Winfrey, and Eva Longoria.
  • The company’s share price peaked above $300 before crashing in 2024.
0 views
#data breach #23andMe #Chrome Holding #California Attorney General #genetic privacy #cybersecurity #consumer data protection
View source
Share:
Back to Blog

Related posts

Read more »