Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
California Lawsuit Accuses 23andMe of Data Breach Negligence

California Lawsuit Accuses 23andMe of Data Breach Negligence

Posted on May 29, 2026 By CWS

The state of California has initiated legal action against the genetic testing company previously known as 23andMe, highlighting a significant breach of user data security in 2023. The lawsuit, filed by Attorney General Rob Bonta, points to the company’s failure to safeguard sensitive information, affecting nearly seven million individuals nationwide.

Background of the Legal Action

On Thursday, Attorney General Bonta lodged a lawsuit against Chrome Holding Co., the entity under which 23andMe was rebranded following its bankruptcy filing last March. Known for its DNA testing kits that provide insights into ancestry and health predispositions, 23andMe faces allegations of inadequate data security measures.

The lawsuit seeks multiple civil penalties and injunctions to prevent further violations of California’s stringent privacy protection laws. The company admitted to a significant security breach in 2023, where approximately 14,000 accounts were compromised, leading to the exposure of data from nearly seven million customers. The cyberattack exploited a method known as ‘credential stuffing,’ taking advantage of weak and reused passwords.

Details of the Cybersecurity Breach

According to Bonta’s office, the attack exploited a common vulnerability that businesses should actively guard against. The attackers utilized stolen credentials from a 2017 data breach at MyHeritage, a former partner of 23andMe. Despite this, 23andMe allegedly did not implement standard security measures like password resets or multifactor authentication.

Critically, the security lapses allowed attackers to infiltrate 23andMe’s systems undetected for over five months. The breach only came to light when the stolen data appeared for sale on the dark web, prompting the company to investigate after being contacted by the threat actor demanding a ransom.

Implications and Ongoing Legal Proceedings

In October 2023, the pilfered data surfaced on the dark web, notably including information on 1.1 million consumers identified as Asian-Pacific Islander and Ashkenazi Jewish. Bonta emphasized the grave concerns this posed amid rising anti-Asian and antisemitic sentiments.

The lawsuit asserts that post-breach, 23andMe misled the public regarding the breach’s extent and the company’s involvement. Furthermore, the company reportedly neglected early warnings like increased login attempts and online discussions hinting at a data sale.

California law mandates robust protection for genetic data, and Bonta intervened to ensure compliance during 23andMe’s bankruptcy proceedings. Despite these efforts, the asset sale proceeded without requiring customer consent for data transfers. In 2024, 23andMe agreed to a $50 million settlement to resolve claims from affected U.S. customers, a decision finalized in January.

This case underscores the critical importance of stringent cybersecurity measures, especially for companies handling sensitive genetic information.

Security Week News Tags:23andMe, California lawsuit, credential stuffing, Cybersecurity, dark web, data breach, genetic testing, privacy laws, Rob Bonta, user data protection

Post navigation

Previous Post: Security Challenges Posed by AI-Driven Apps Exposed
Next Post: Hackers Leverage Microsoft Teams to Mimic IT Support

Related Posts

Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day Security Week News
AI Tools Pose New Supply Chain Risks, Researchers Warn AI Tools Pose New Supply Chain Risks, Researchers Warn Security Week News
Geordie Secures M to Enhance AI Governance Geordie Secures $30M to Enhance AI Governance Security Week News
NIST’s Single Photon Chip Boosts Quantum Security NIST’s Single Photon Chip Boosts Quantum Security Security Week News
No Patch for Flaw Exposing Hundreds of LG Cameras to Remote Hacking No Patch for Flaw Exposing Hundreds of LG Cameras to Remote Hacking Security Week News
Android 17 Beta Enhances Privacy and Security Measures Android 17 Beta Enhances Privacy and Security Measures Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • UK Issues Alert on Russian Cyber Threats to Networks
  • SAP Addresses Major Security Flaws in NetWeaver and More
  • Canadian Cybersecurity Leaders Shine at Web Summit Vancouver
  • Valarian Secures $50M for Innovative Infrastructure Layer
  • npm Packages Exploited to Form DDoS Botnet

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • UK Issues Alert on Russian Cyber Threats to Networks
  • SAP Addresses Major Security Flaws in NetWeaver and More
  • Canadian Cybersecurity Leaders Shine at Web Summit Vancouver
  • Valarian Secures $50M for Innovative Infrastructure Layer
  • npm Packages Exploited to Form DDoS Botnet

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark