California sues 23andMe over alleged ‘lax’ data security that failed to protect nearly 7 million users’ data in 2023 breach
California's attorney general has filed a lawsuit against 23andMe for failing to protect user data in a significant 2023 breach. The breach affected nearly 7 million users and involved the theft of sensitive genetic information. The lawsuit seeks civil penalties and injunctions to prevent further violations of privacy laws.
- ▪The lawsuit alleges that 23andMe's security measures were inadequate, allowing a threat actor to operate undetected for over five months.
- ▪The breach involved the use of stolen user credentials from a previous data breach affecting MyHeritage.
- ▪23andMe has faced criticism for misleading consumers about the severity of the breach and failing to investigate early warning signs.
Opening excerpt (first ~120 words) tap to expand
California’s attorney general sued the genetic testing company formerly known as 23andMe on Thursday, alleging it failed to protect sensitive user data in a 2023 breach that affected nearly 7 million people across the country.Recommended Video Attorney General Rob Bonta filed the lawsuit against Chrome Holding Co., which 23andMe rebranded under after filing for bankruptcy last March. 23andme is known for its direct-to-consumer DNA test kits that provided customers information on their ancestry and genetic predispositions for certain health conditions. The lawsuit calls for various civil penalties against 23andMe and injunctions blocking the company from further violations of California’s privacy protection laws.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Fortune.
Discussion
0 commentsMore from Fortune
