California sues 23andMe over alleged ‘lax’ data security that failed to protect nearly 7 million users’ data in 2023 breach |
California sues 23andMe over alleged ‘lax’ data security that failed to protect nearly 7 million users’ data in 2023 breach
California’s attorney general sued the genetic testing company formerly known as 23andMe on Thursday, alleging it failed to protect sensitive user data in a 2023 breach that affected nearly 7 million people across the country.
Attorney General Rob Bonta filed the lawsuit against Chrome Holding Co., which 23andMe rebranded under after filing for bankruptcy last March. 23andme is known for its direct-to-consumer DNA test kits that provided customers information on their ancestry and genetic predispositions for certain health conditions.
The lawsuit calls for various civil penalties against 23andMe and injunctions blocking the company from further violations of California’s privacy protection laws.
The company has acknowledged that it suffered a major security breach in 2023 that resulted in about 14,000 accounts accessed, through which they were able to steal the data of nearly 7 million customers. The cyberattack utilized “credential stuffing,” which takes advantage of customers’ tendency to use weak or common........