California AG Sues 23andMe Over 2023 Data Breach
🔒 Attorney General Rob Bonta has sued 23andMe (now Chrome Holding Co.) for failing to protect sensitive genetic and personal information after a 2023 breach exposed data of nearly 7 million customers, including 855,541 Californians. The suit alleges inadequate safeguards against credential-stuffing, missed detection opportunities, a coding error in the DNA Relatives feature, and misleading public statements about security. It seeks injunctions and statutory penalties under multiple California laws, including CCPA and the California Genetic Information Privacy Act.
