California sues 23andMe, alleging it failed to protect user data in 2023 breach
California's attorney general has filed a lawsuit against 23andMe, alleging the company failed to protect user data in a significant 2023 breach. The breach affected nearly 7 million customers and involved the theft of sensitive genetic information. The lawsuit seeks civil penalties and injunctions to prevent further violations of privacy laws.
- ▪The breach was caused by a cyberattack that utilized credential stuffing, exploiting weak passwords.
- ▪23andMe's security measures were criticized for being inadequate, allowing the threat actor to operate undetected for over five months.
- ▪The stolen data included raw genetic data, health reports, and personal information of relatives.
Opening excerpt (first ~120 words) tap to expand
California's attorney general sued the genetic testing company formerly known as 23andMe on Thursday, alleging it failed to protect sensitive user data in a 2023 breach that affected nearly 7 million people across the country.Attorney General Rob Bonta filed the lawsuit against Chrome Holding Co., which 23andMe rebranded under after filing for bankruptcy last March. 23andme is known for its direct-to-consumer DNA test kits that provided customers information on their ancestry and genetic predispositions for certain health conditions.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at The Hindu — Top.
Discussion
0 commentsMore from The Hindu — Top
