California Attorney General to sue 23andMe over 2023 data breach
BBC • • business
Key Points:
- California Attorney General Rob Bonta announced plans to sue DNA testing firm Chrome Holding, formerly 23andMe, over a 2023 data breach that exposed sensitive genetic information of nearly seven million users.
- The breach revealed users' genetic predispositions, biological relatives, ancestry, and ethnicity, with allegations that 23andMe misled consumers about the breach's severity.
- The stolen data was reportedly sold on the dark web, with hackers highlighting information belonging to Asian American Pacific Islander and Jewish users amid rising hate crimes against these groups.
- The breach involved a "credential stuffing" attack, where hackers exploited reused passwords from previous breaches to access user accounts.
- The UK’s Information Commissioner’s Office fined 23andMe £2.31 million for inadequate data security measures, and the company has since pledged to improve customer data protections following international regulatory scrutiny.