California Attorney General sues 23andMe successor for 2023 data breach

California Attorney General sues 23andMe successor for 2023 data breachJust nowShareSaveAdd as preferred on GoogleLily JamaliNorth America Technology correspondentReutersCalifornia Attorney General Rob Bonta has said he will sue DNA testing firm Chrome Holding following a probe on Thursday, alleging its predecessor company 23andMe failed to protect sensitive customer data.Bonta said the failure resulted in a 2023 data breach which exposed genetic predispositions and risk factors of nearly seven million users, plus information about biological relatives, ancestry, and ethnicity."Our investigation found that the company failed to take basic steps to protect users' data," said Bonta, who added 23andMe "lied to consumers about the severity of its 2023 data breach."The BBC has requested comment from Chrome Holding. The company was rebranded after 23andMe filed for bankruptcy last year.Bonta also alleges the subsequent sale of 23andMe user data on the dark web by threat actors specifically touted that it belonged to Asian American Pacific Islanders (AAPI) and Jewish users."This is disturbing and incredibly dangerous" given it occurred during a period of "mounting anti-Asian American and Pacific Islander and antisemitic hate and violence," Bonta said.Users were targeted by a so-called "credential stuffing" attack in which hackers used passwords exposed in previous breaches to access 23andMe accounts for which people had used similar credentials.The 2023 data breach has resulted in international regulatory scrutiny for the company.Last year, it was fined £2.31m by the Information Commissioner's Office (ICO), a UK watchdog, which alleged 23andMe failed to put adequate measures in place to secure sensitive user data prior to the incident.The ICO said personal data of 155,592 UK residents was accessed.The company has said it has "made several binding commitments to enhance protections for customer data and privac...