23andMe hit with California lawsuit alleging 'lax' security led to 2023 breach
By Mike Swift ( May 28, 2026, 21:18 GMT | Insight) -- California's attorney general sued the successor company to 23andMe, alleging that the consumer genetics testing company had data security protections that were "so lax that the threat actor was able to operate undetected within 23andMe’s systems for over five months," and that the company misled consumers by telling them it had strong data security in place. California Attorney General Rob Bonta said the state is seeking fines in the “multi-millions” for violations of the California Consumer Privacy Act and other laws. The successor company to 23andMe has been hit by a suit over a 2023 data breach by California’s attorney general, who is seeking multiple millions of dollars in civil penalties over a cyberattack that resulted in the personal data of Asian and Jewish Americans’ data being sold on the dark web....
Prepare for tomorrow’s regulatory change, today
MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.
Know what others in the room don’t, with features including:
- Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
- Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
- Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
- Curated case files bringing together news, analysis and source documents in a single timeline
Experience MLex today with a 14-day free trial.