California attorney general sues 23andMe for data breach - BERITAJA

The California lawyer wide revenge a suit Thursday against the institution formerly known arsenic 23andMe, accusing the familial testing work of failing to protect customers’ information during a 2023 breach.

The information breach affected about 7 cardinal group crossed the country, including much than 850,000 Californians, according to a release from Atty. Gen. Rob Bonta’s office.

The exposed information contained delicate worldly specified arsenic earthy familial accusation and wellness reports. Hackers listed the information for waste connected the acheronian web successful 2023, Bonta said.

23andMe revenge for bankruptcy past twelvemonth and was acquired by TTAM Research Institute, a nonprofit led by the company’s erstwhile Chief Executive Anne Wojcicki. Bonta revenge suit against Chrome Holding Co., a subsidiary of TTAM and the firm debtor sanction that 23andMe operated nether during bankruptcy.

“23andMe collected familial information about millions of people, grounded to meet its responsibility nether California rule to support that accusation safe, and past lied to consumers about the severity of its 2023 information breach,” Bonta said successful a statement.

A 2023 investigation by the California Department of Justice recovered that the hackers were capable to run wrong 23andMe’s systems for 5 months without being detected. 23andMe only began investigating erstwhile the information were offered for waste connected the acheronian web, the investigation found.

The hackers utilized a communal maneuver known arsenic credential stuffing to entree the data, which exploits anemic and reused passwords.

“Businesses, peculiarly those that cod and support delicate individual and familial data, could and should cognize to defender against” credential stuffing, the lawyer general’s merchandise said.

According to the complaint revenge successful the San Francisco Superior Court this week, 23andMe “misled consumers and grounded to return evident steps basal to safeguard its customers’ delicate individual information.”

23andMe was founded successful San Francisco successful 2006 and popularized at-home familial testing, allowing customers to nonstop successful a saliva sample and person a DNA analysis.

At its peak, 23andMe was weighted astatine $6 cardinal and attracted personage attention, holding “spit parties” wherever high-profile customers spit into a conduit to supply their DNA sample. The samples helped group observe wholly caller family trees and could uncover consequential wellness information, specified arsenic a familial predisposition to cancer.

After its promising rise, however, the institution began seeing signs of trouble. Because users request to supply a DNA sample only erstwhile to usage 23andMe’s services, the institution grounded to found a sustainable business exemplary based connected repetition customers. Additionally, 23andMe struggled to licence its tech to pharmaceutical companies, which could person boosted profits.

By the clip the institution revenge for bankruptcy successful March 2025, it had collected about 15 cardinal DNA samples.

The lawyer wide has a separate, pending ineligible challenge successful the U.S. Bankruptcy Court for the Eastern District of Missouri regarding the waste of Californians’ familial accusation and worldly successful bankruptcy.