California AG sues 23andMe over 2023 breach exposing health data
Recorded: May 29, 2026, 7 p.m.
| Original | Summarized |
California AG sues 23andMe over 2023 breach exposing health data. By Bill Toulas, May 29, 2026. California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company’s failure to protect sensitive customer genetic and personal information. |
The California Attorney General filed a lawsuit against 23andMe, now Chrome Holding Co., alleging the company failed to implement reasonable safeguards, resulting in a significant data breach in 2023 that exposed sensitive customer genetic and personal information. This incident involved approximately 7 million customers, including 855,541 Californians. The data exposure surfaced in October of that year after threat actors offered stolen records to prove authenticity. The company contended that the data exfiltration occurred via a credential-stuffing attack exploiting weak credentials. Investigation revealed that attackers accessed data from users who opted into the platform's 'DNA Relatives' feature, as well as a second, larger set of accounts that did not utilize that feature, resulting in the exposure of genetic data, health predisposition information, ancestry and ethnicity details, biological relatives, and DNA matches. The lawsuit, brought by Attorney General Rob Bonta, asserts that 23andMe failed to establish adequate security measures against credential-stuffing attacks and missed opportunities to detect the intrusion. Furthermore, the complaint highlights a failure to identify and correct a coding error within the DNA Relatives feature that facilitated the widespread breach. Beyond the failures in data protection, the Attorney General also argued that 23andMe engaged in misleading public statements both before and after the incident, initially claiming high security standards and subsequently downplaying the severity of the breach and blaming customers for password reuse. The Attorney General seeks an injunction to prevent further violations of state laws, arguing that these actions contravened several statutes, including the California Genetic Information Privacy Act, the California Reasonable Data Security Law, the California Consumer Privacy Act, the False Advertising Law, and the Unfair Competition Law. 
The complaint further seeks statutory penalties ranging from $1,000 to $7,500 per violation. The Attorney General noted that the dispute regarding the proposed sale of Californians' genetic data and biological materials remains a separate legal proceeding from the data breach claim. Bill Toulas, the reporter covering this matter, documented these developments. |