What was the nature of the data breach?
The data breach involved hackers accessing approximately 7 million 23andMe user accounts and stealing sensitive information, including genetic data and health reports.
In May 2026, California Attorney General Rob Bonta sued 23andMe, a well-known genetic testing company, for allegedly failing to protect user data during a significant data breach in 2023. The breach impacted nearly 7 million people, including over 850,000 Californians. The lawsuit, filed in San Francisco Superior Court, accuses 23andMe of negligence and misleading consumers about the severity of the breach.
The complaint details how hackers exploited weak passwords through a technique called "credential stuffing" to access user accounts. The attackers were able to operate within 23andMe's systems for approximately five months before being detected. During this time, they accessed and stole sensitive data, including raw genetic information, health reports, and ancestry details. This information was subsequently offered for sale on the dark web.
The lawsuit also alleges that 23andMe was aware of suspicious activity, such as a spike in user login attempts, as early as July 2023 but failed to take appropriate action. Furthermore, the company is accused of downplaying the severity of the breach in its communications with consumers.
This legal action follows 23andMe's bankruptcy filing in March 2025 and its subsequent acquisition by TTAM Research Institute, a nonprofit led by former CEO Anne Wojcicki. The lawsuit names Chrome Holding Co., a subsidiary of TTAM, as the defendant.
The lawsuit seeks civil penalties against 23andMe and injunctions to prevent future violations of California's privacy protection laws. It also highlights the importance of robust security measures for companies handling sensitive genetic data.
Credential stuffing is a cyberattack technique that involves using stolen usernames and passwords from other breaches to gain unauthorized access to user accounts on different platforms.
23andMe is accused of failing to adequately protect user data, neglecting to investigate early warning signs of a breach, and misleading consumers about the severity of the incident.
This article was compiled by Yanuki using publicly available data and trending information. The content may summarize or reference third-party sources that have not been independently verified. While we aim to provide timely and accurate insights, the information presented may be incomplete or outdated.