23andMe Sued by California Over Huge 2023 Information Breach
California’s legal professional basic is suing the patron genetics testing firm previously generally known as 23andMe, alleging the corporate failed to guard prospects’ delicate private info in an enormous 2023 knowledge breach that uncovered the ancestry and genetic knowledge of practically 7 million individuals.
Legal professional Common Rob Bonta filed the lawsuit on Thursday in San Francisco Superior Court docket towards Chrome Holding Co., previously generally known as 23andMe, accusing the corporate of failing to correctly examine or reply to quite a few warnings that its methods had been compromised. The corporate’s mail-in self-testing kits grew to become synonymous with DNA testing earlier than it filed for chapter in 2025.
In 2023, cybercriminals breached 23andMe’s methods by utilizing a “credential-stuffing assault,” which entails bombarding on-line accounts with enormous units of consumer names and passwords stolen in earlier unrelated assaults. Over a interval of months, the intruders had been in a position to make off with the private knowledge of greater than 6.9 million individuals.
“23andMe’s safety measures had been so lax that the menace actor was in a position to function undetected inside 23andMe’s methods for over 5 months, and remarkably, 23andMe solely started investigating after the menace actor provided the stolen consumer knowledge on the market on the darkish net and reached out to 23andMe to demand a ransom,” Bonta’s workplace stated within the criticism.
The San Francisco-based firm, which allowed individuals to submit genetic supplies and get a snapshot of their ancestry, revealed in October 2023 that hackers had accessed buyer info within the extended knowledge breach that focused prospects with Chinese language or Ashkenazi Jewish ancestry. The stolen knowledge of greater than 1 million Asian-Pacific Islander and Ashkenazi Jewish customers was later posted on the market on the darkish net.
“The sale of this knowledge on the darkish net occurred amidst a interval of mounting anti-Asian American and Pacific Islander and antisemitic hate and violence,” Bonta stated in a press launch. “That is disturbing and extremely harmful.”
A January 2024 lawsuit accused the corporate of not doing sufficient to guard its prospects and never notifying sure prospects that their knowledge had been focused particularly. It later settled the lawsuit for $30 million.
23andMe representatives did not instantly reply to a request for remark.
At its peak, 23andMe grew to become the best-known title within the rising space of DNA self-testing, with customers paying upwards of $99 for kits that gave them insights into their genetic make-up, potential kinfolk and ancestry. However the firm’s momentum slowed down in recent times after its $3.5 billion public providing in 2021.
Final July, TTAM Analysis Institute, a nonprofit led by Anne Wojcicki, 23andMe’s cofounder and former CEO, acquired 23andMe’s property for $305 million.
