23andMe inherits lawsuit over 'disturbing' DNA data breach

Legal

23andMe inherits lawsuit over 'disturbing' DNA data breach

California AG claims genetics biz downplayed 2023 mega-leak while paying ransom to attacker

The office of Rob Bonta, California's attorney general, is suing 23andMe for the data protection failings that led to the genetics company's disastrous 2023 breach.Bonta and his team claim [PDF] that 23andMe failed to implement adequate security controls for the sensitive records it stored, and misled customers about the nature of the mishap after the fact."23andMe collected genetic data about millions of people, failed to meet its obligation under California law to keep that information safe, and then lied to consumers about the severity of its 2023 data breach," said Bonta on Thursday. "Our investigation found that the company failed to take basic steps to protect users' data – data including the sensitive personal information, family histories, and health conditions of consumers

"The sale of this data on the dark web took place amidst a period of mounting anti-Asian American and Pacific Islander and antisemitic hate and violence – and explicitly called attention to the deeply personal and identifying nature of that information. This is disturbing and incredibly dangerous. Today, my office is suing 23andMe for its categorical failure to comply with California law."