news.bloomberglaw.com
California Sues 23andMe Over 2023 Data Breach Affecting 7 Million Users
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
California's Attorney General Rob Bonta has filed a lawsuit against 23andMe, now known as Chrome Holding Co., for failing to protect sensitive user data in a 2023 data breach. The breach exposed the personal information of nearly 7 million users, including genetic data and health reports, due to a credential stuffing attack that exploited weak passwords. The company acknowledged that 14,000 accounts were accessed, leading to the scraping of data from connected profiles. The breach was discovered in October 2023 when the stolen data was offered for sale on the dark web. California's lawsuit seeks civil penalties and aims to hold the company accountable for its lax security measures. The breach has raised significant privacy concerns, especially regarding the targeting of specific ethnic groups. 23andMe filed for bankruptcy in March 2025, complicating the legal landscape for affected users. The lawsuit is part of a broader scrutiny of the company's data handling practices during its bankruptcy proceedings.
Key Points: • California's lawsuit targets 23andMe for failing to secure user data after a major breach. • The breach affected nearly 7 million users, exposing sensitive genetic and health information. • Credential stuffing was the attack method, leveraging weak passwords from a prior data breach.