CRIME & LAW

California Sues 23andMe Over Massive 2023 Data Breach

▪

Read, Watch or Listen

Media Bias Meter

Sources: 4

Center 75%

Right 25%

Sources: 4

San Francisco — California Attorney General Rob Bonta sued Chrome Holding Co., the company formerly known as 23andMe, in San Francisco Superior Court on Thursday, May 28, alleging the firm failed to protect customers' genetic, ancestry and health-related data after a breach that began in April 2023 and reportedly lasted several months. The complaint states hackers used credential-stuffing to access about 14,000 accounts initially disclosed in October 2023 and then scraped profiles linked to nearly 6.9 million users, including roughly 855,000 Californians; Bonta seeks civil penalties, injunctions and oversight while litigation proceeds this year and regulators and privacy groups review potential wider policy responses.

Prepared by Emily Rhodes and reviewed by editorial team.

Timeline of Events

April 2023: Breach begins and persists for approximately five months.
October 2023: Company publicly discloses around 14,000 accounts accessed.
Subsequent analysis reveals scraping of nearly 6.9 million linked profiles.
Prior March: Company filed for bankruptcy and is legally known as Chrome Holding Co.
May 28, 2024: California AG Rob Bonta files suit in San Francisco Superior Court.

Why This Matters to You

This data breach could affect your privacy. If you've used 23andMe, your genetic and health data might be exposed. It's a good idea to monitor your accounts and watch for any suspicious activity.

The Bottom Line

Chrome Holding Co., formerly 23andMe, is under fire for a data breach affecting millions. It's a stark reminder of the risks in sharing sensitive information online. Worth forwarding if you know someone who's used these services.