California sues 23andMe, alleging it failed to protect user data in 2023 breach
Key Points:
- California Attorney General Rob Bonta sued genetic testing company 23andMe, alleging it failed to protect sensitive user data during a 2023 breach affecting nearly 7 million people nationwide.
- The lawsuit claims 23andMe, now rebranded as Chrome Holding Co., did not implement common security measures like password resets or multifactor authentication after a related 2017 data breach, allowing attackers to access data undetected for over five months.
- Stolen genetic data, including raw DNA, health reports, and relative information, was sold on the dark web, raising concerns amid rising anti-Asian American, anti-Pacific Islander, and antisemitic violence.
- The lawsuit accuses 23andMe of misleading consumers about the breach's severity and failing to investigate early warning signs such as unusual login activity and public reports of data sales.
- In 2024, 23andMe agreed to a $50 million settlement resolving most U.S. customer claims related to the breach; the settlement was approved by a federal judge during the company's bankruptcy proceedings.