23andMe Data Breach Lawsuit: California Attorney General Takes Legal Action

California Attorney General Rob Bonta has filed a lawsuit against the genetics testing company 23andMe over a 2023 data breach that exposed the personal information of around 6.9 million U.S. customers. The complaint alleges that 23andMe ignored warnings about the breach and failed to protect customers' data, including health information, genetic predispositions, ancestry, and ethnicity. The lawsuit was filed against Chrome Holding Co, the legal entity for 23andMe.
Following a federal bankruptcy judge's approval of a settlement, 23andMe established a fund of $30 million to $50 million to address most U.S. claims related to the data breach. The breach, which occurred in April 2023 and lasted for about five months, also involved allegations that customers with Chinese and Ashkenazi Jewish ancestry were targeted by the hacker, who offered their information for sale on the dark web.
Founded in 2006 and publicly traded in 2021, 23andMe faced financial challenges and filed for Chapter 11 bankruptcy in March 2025 due to the data breach, litigation, competition, and declining demand for genetics testing products. The company emerged from bankruptcy in July after being acquired by TTAM Research Institute for $305 million, a move that was opposed by Bonta on privacy grounds.
The lawsuit highlights the importance of safeguarding personal data and the consequences of failing to address cybersecurity threats effectively. Customers entrust companies like 23andMe with sensitive information, and it is crucial for businesses to prioritize data protection to maintain trust and compliance with privacy regulations.