California AG sues 23andMe over 2023 breach exposing health data

📅 29 May 2026 at 18:08 UTC📰 Bleeping ComputerView original source ↗

California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company's failure to protect sensitive customer genetic and personal information. [...]

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

23andMe suffered a significant data breach exposing the sensitive information of nearly 7 million customers, including 855,541 Californians, due to inadequate security measures and a credential-stuffing attack.

⚙️Technical Details

Affected Systems

23andMe's accounts with weak credentialsDNA Relatives feature

Attack Vectors

credential-stuffing attackcoding error in DNA Relatives

💥Impact Assessment

Severity: high

Who Is at Risk

customers of 23andMe, including genetic data, health predisposition information, ancestry and ethnicity information, biological relatives, and DNA matches

🛡️Recommended Actions

1Implement robust security measures to prevent credential-stuffing attacks

2Regularly update and patch software to fix coding errors

3Conduct thorough vulnerability assessments of sensitive data storage systems

📦Affected Products

23andMe's accounts with weak credentialsDNA Relatives feature

Read the full article

This is a curated summary. The complete article is available at Bleeping Computer.

Read on Bleeping Computer ↗

← Back to feed