{"id":258020,"date":"2026-05-28T14:00:00","date_gmt":"2026-05-28T18:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/28\/california-sues-23andme-over-2023-breach-of-millions-dna-data\/"},"modified":"2026-05-28T14:45:09","modified_gmt":"2026-05-28T18:45:09","slug":"california-sues-23andme-over-2023-breach-of-millions-dna-data","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/28\/california-sues-23andme-over-2023-breach-of-millions-dna-data\/","title":{"rendered":"California Sues 23andMe Over 2023 Breach of Millions\u2019 DNA Data"},"content":{"rendered":"<p><a href=\"https:\/\/news.bgov.com\/privacy-and-data-security\/california-sues-23andme-over-2023-breach-of-millions-dna-data\">California Sues 23andMe Over 2023 Breach of Millions\u2019 DNA Data<\/a><\/p>\n<p><a href=\"https:\/\/news.bgov.com\/privacy-and-data-security\/california-sues-23andme-over-2023-breach-of-millions-dna-data\">https:\/\/news.bgov.com\/privacy-and-data-security\/california-sues-23andme-over-2023-breach-of-millions-dna-data<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-28 14:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"news.bgov.com\">news.bgov.com<\/a><\/p>\n<p>California Attorney General Rob Bonta sued the genetic testing company formerly known as 23andMe over its handling of a 2023 data breach that exposed nearly 7 million users\u2019 sensitive personal information, including genetic data.<\/p>\n<p>The company, now doing business as Chrome Holding Co., publicly touted its commitment to data privacy and security, yet it ignored numerous warnings that systems had been compromised and misled consumers\u2019 about the fate of their sensitive data, the state enforcer said.<\/p>\n<p>\u201c23andMe collected genetic data about millions of people, failed to meet its obligation under California law to keep that information safe, and then lied to consumers about the severity of its 2023 data breach,\u201d Bonta said in a press release. \u201cOur investigation found that the company failed to take basic steps to protect users\u2019 data\u2014data including the sensitive personal information, family histories, and health conditions of consumers.\u201d<\/p>\n<p>While 23andMe was negotiating with\u2014and paying a ransom to\u2014the hacker, the company continued to assure consumers it hadn\u2019t experienced a security incident, downplayed the sensitivity of the stolen data, and shifted blame to users, the Democratic attorney general said. 23andMe violated the California Consumer Privacy Act and Genetic Information Privacy Act as well as the state\u2019s unfair competition law, among other statutes.<\/p>\n<p>Due to 23andMe\u2019s lax security practices, the hacker breached its systems undetected for five months using account usernames and passwords stolen in previous data breaches, Bonta said. Despite being aware of the risks, 23andMe\u2019s security team didn\u2019t check for or prevent re-use of credentials, the state enforcer added.<\/p>\n<p>The ensuing sale of the genetic data on the dark web took place amid mounting anti-Asian American and Pacific Islander and antisemitic hate and violence, Bonta said, and called attention to the personal and identifying nature of the information.<\/p>\n<p>\u201cThis is disturbing and incredibly&#8230;<\/p>\n<p><a href=\"https:\/\/news.bgov.com\/privacy-and-data-security\/california-sues-23andme-over-2023-breach-of-millions-dna-data\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>California Sues 23andMe Over 2023 Breach of Millions\u2019 DNA Data https:\/\/news.bgov.com\/privacy-and-data-security\/california-sues-23andme-over-2023-breach-of-millions-dna-data Publish Date: 2026-05-28 14:00:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":258022,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/bwrite-static.bloombergindustry.com\/dims4\/default\/03f4a68\/2147483647\/crop\/4000x1542+0+338\/resize\/960x370%3E\/quality\/90\/?url=https%3A%2F%2Fbloomberg-bna-brightspot.s3.us-east-1.amazonaws.com%2Fe7%2Fe9%2F69c130224c58b03685babd211229%2F367721835.jpg","fifu_image_alt":"","footnotes":""},"categories":[16],"tags":[30,138],"class_list":["post-258020","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-privacy","tag-breach","tag-california-consumer-privacy-act"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/258020"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=258020"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/258020\/revisions"}],"predecessor-version":[{"id":258023,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/258020\/revisions\/258023"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/258022"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=258020"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=258020"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=258020"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}