23andMe Sued by California Over Huge 2023 Knowledge Breach

California’s legal professional basic is suing the buyer genetics testing firm previously referred to as 23andMe, alleging it failed to guard clients’ delicate private data in an enormous 2023 knowledge breach that uncovered the ancestry and genetic knowledge of practically 7 million folks.

Lawyer Common Rob Bonta filed the lawsuit on Thursday in San Francisco Superior Court docket in opposition to Chrome Holding Co., previously referred to as 23andMe, accusing the corporate of failing to correctly examine or reply to quite a few warnings that its programs had been compromised. The corporate’s mail-in self-testing kits turned synonymous with DNA testing earlier than it filed for chapter in 2025.

In 2023, cybercriminals breached 23andMe’s programs by utilizing a “credential-stuffing assault,” which entails bombarding on-line accounts with enormous units of person names and passwords stolen in earlier unrelated assaults. Over a interval of months, the intruders had been capable of make off with the private knowledge of greater than 6.9 million folks.

“23andMe’s safety measures had been so lax that the risk actor was capable of function undetected inside 23andMe’s programs for over 5 months, and remarkably, 23andMe solely started investigating after the risk actor supplied the stolen person knowledge on the market on the darkish internet and reached out to 23andMe to demand a ransom,” Bonta’s workplace stated within the criticism. 

The San Francisco-based firm, which allowed folks to submit genetic supplies and get a snapshot of their ancestry, revealed in October 2023 that hackers had accessed buyer data within the extended knowledge breach that focused clients with Chinese language or Ashkenazi Jewish ancestry. The stolen knowledge of greater than 1 million Asian-Pacific Islander and Ashkenazi Jewish customers was later posted on the market on the darkish internet. 

“The sale of this knowledge on the darkish internet passed off amidst a interval of mounting anti-Asian American and Pacific Islander and antisemitic hate and violence,” Bonta stated in a press launch. “That is disturbing and extremely harmful.”

 A January 2024 lawsuit accused the corporate of not doing sufficient to guard its clients and never notifying sure clients that their knowledge had been focused particularly. It later settled the lawsuit for $30 million.

23andMe representatives did not instantly reply to a request for remark.

At its peak, 23andMe turned the best-known identify within the rising space of DNA self-testing, with customers paying upwards of $99 for kits that gave them insights into their genetic make-up, potential kinfolk and ancestry. However the firm’s momentum slowed down in recent times after its $3.5 billion public providing in 2021.

Final July, TTAM Analysis Institute, a nonprofit led by Anne Wojcicki, 23andMe’s cofounder and former CEO, acquired 23andMe’s property for $305 million.