California Attorney General sues 23andMe successor for 2023 data breach
4 days ago
Lily Jamali, North America Technology correspondent
California Attorney General Rob Bonta has said he will sue DNA testing firm Chrome Holding following a probe on Thursday, alleging its predecessor company 23andMe failed to protect sensitive customer data.
Bonta said the failure resulted in a 2023 data breach which exposed genetic predispositions and risk factors of nearly seven million users, plus information about biological relatives, ancestry, and ethnicity.
"Our investigation found that the company failed to take basic steps to protect users' data," said Bonta, who added 23andMe "lied to consumers about the severity of its 2023 data breach."
The BBC has requested comment from Chrome Holding.
The company was rebranded after 23andMe filed for bankruptcy last year.
Bonta also alleges the subsequent sale of 23andMe user data on the dark web by threat actors specifically touted that it belonged to Asian American Pacific Islanders (AAPI) and Jewish users.
"This is disturbing and incredibly dangerous" given it occurred during a period of "mounting anti-Asian American and Pacific Islander and antisemitic hate and violence," Bonta said.
Users were targeted by a so-called "credential stuffing" attack in which hackers used passwords exposed in previous breaches to access 23andMe accounts for which people had used similar credentials.
The 2023 data breach has resulted in international regulatory scrutiny for the company.
Last year, it was fined £2.31m by the Information Commissioner's Office (ICO), a UK watchdog, which alleged 23andMe failed to put adequate measures in place to secure sensitive user data prior to the incident.
The ICO said personal data of 155,592 UK residents was accessed.
The company has said it has "made several binding commitments to enhance protections for customer data and privacy."
Under UK data protection law, genetic data is considered a special category of data and requires further protections and safeguards due to its sensitive nature.
The ICO's probe was conducted in coordination with Canada's privacy commissioner and found 23andMe violated UK law by failing to implement appropriate authentication and verification measures for customers during its login process.
23andMe came under scrutiny again last year when users reported difficulty deleting their accounts after the company filed for Chapter 11 bankruptcy protection in order to sell itself through a court-supervised process.
At the time, some users expressed concern over the prospect of insurance companies purchasing their data and using it to determine whether to provide coverage.
23andMe was cofounded by Anne Wojcicki, sister of the late YouTube boss Susan Wojcicki and ex-wife of Google co-founder Sergey Brin.
The company once counted Snoop Dogg, Oprah Winfrey, and Eva Longoria as customers and saw its share price top $300 at its peak before crashing in 2024.