CALIFORNIA'S Attorney General Rob Bonta has filed a lawsuit against the genetic testing company, 23andMe, formerly Chrome Holding Co., for allegedly failing to protect sensitive user data in a breach affecting nearly 7 million customers. The 2023 breach allowed unauthorized access to 14,000 accounts through credential stuffing, exploiting weak passwords. Despite knowing about potential red flags, such as a spike in login attempts, 23andMe did not secure its systems adequately or notify customers promptly.
The stolen data, including genetic and personal information, was offered for sale on the dark web amid rising anti-Asian and antisemitic sentiments. The lawsuit seeks civil penalties, alleging that the company's lax security measures led to significant consumer risk. Furthermore, a settlement of $50 million was reached in a class-action lawsuit over the breach, with final approval pending.