California Sues 23andMe Over 2023 Data Breach Affecting 7 Million Users

California Sues 23andMe Over 2023 Data Breach Affecting 7 Million Users

First seen 28 May 2026, 18:56 UTC News.Bgovnews.bloomberglaw.comItnews.AuMyjournalcourierCbsnews+24 91% similarity 66.0

Article Content

Browse articles
ThreatCluster

California's Attorney General Rob Bonta has filed a lawsuit against 23andMe, now known as Chrome Holding Co., for failing to protect sensitive user data in a 2023 data breach. The breach exposed the personal information of nearly 7 million users, including genetic data and health reports, due to a credential stuffing attack that exploited weak passwords. The company acknowledged that 14,000 accounts were accessed, leading to the scraping of data from connected profiles. The breach was discovered in October 2023 when the stolen data was offered for sale on the dark web. California's lawsuit seeks civil penalties and aims to hold the company accountable for its lax security measures. The breach has raised significant privacy concerns, especially regarding the targeting of specific ethnic groups. 23andMe filed for bankruptcy in March 2025, complicating the legal landscape for affected users. The lawsuit is part of a broader scrutiny of the company's data handling practices during its bankruptcy proceedings.

Key Points: • California's lawsuit targets 23andMe for failing to secure user data after a major breach. • The breach affected nearly 7 million users, exposing sensitive genetic and health information. • Credential stuffing was the attack method, leveraging weak passwords from a prior data breach.

ThreatCluster AI

Timeline

2023-10-01
Data breach discovered
23andMe found that user data was being sold on the dark web, affecting nearly 7 million users.
Abcnews
2023-10-01
Breach publicly disclosed
23andMe publicly acknowledged the breach affecting 14,000 accounts and the scraping of data from connected profiles.
Cbsnews
2025-03-01
23andMe files for bankruptcy
The company filed for Chapter 11 bankruptcy, citing the financial impact of the data breach and related lawsuits.
Myjournalcourier
2026-05-28
California files lawsuit against 23andMe
California's Attorney General filed a lawsuit against Chrome Holding Co. for failing to protect user data in the 2023 breach.
Apnews

Community

Browse all →