California Sues 23andMe Successor Over Data Breach

Chinwe Igbokwe04 mins
California Sues 23andMe Successor Over Data Breach

The California Attorney General has filed a major lawsuit against the successor company of 23andMe, alleging gross negligence during a massive 2023 data breach. The state’s top prosecutor claims the genetic testing firm failed to protect the sensitive biological and personal information of millions of customers. The cyberattack exposed the ancestry profiles, health data, and digital identities of nearly seven million users worldwide. Government investigators found that the company ignored multiple early security warnings and maintained inadequate network monitoring protocols. This legal action marks the most aggressive state intervention yet following the corporate collapse and subsequent restructuring of the pioneering DNA platform.

The litigation focuses heavily on the targeted nature of the breach, which disproportionately exposed users of specific ethnic heritages. Hackers successfully scraped data through a credential-stuffing campaign, gaining access to accounts that reused old passwords from other compromised websites. The intruders then exploited the platform’s “DNA Relatives” feature to systematically download the linked profiles of millions of broader family members. State prosecutors argue that the firm should have implemented mandatory multi-factor authentication much earlier to prevent such large-scale automated harvesting. The state is now seeking hundreds of millions of dollars in civil penalties and strict court-ordered cybersecurity mandates.

This lawsuit arrives at a moment of profound corporate vulnerability for the troubled genetic ancestry brand. The firm underwent a chaotic bankruptcy and asset restructuring last year following a total collapse in its stock market valuation. A newly formed holding company acquired the remaining database assets, inheriting the substantial legal liabilities of the original corporate entity. Privacy advocates have long warned that the sale of bankrupt DNA databases poses an existential threat to consumer privacy. The California Department of Justice intends to use this case to establish a binding legal precedent holding successor corporations fully accountable for legacy digital data failures.

The financial and reputational fallout from the prosecution could permanently dismantle what remains of the commercial genetic testing industry. Public trust in consumer DNA kits has plummeted since the breach, forcing competitors to aggressively revamp their own encryption protocols. The lawsuit alleges that the company actively misled the public by delaying the formal disclosure of the breach for several weeks. This delayed notification prevented affected users from taking immediate defensive measures to secure their external financial and personal accounts. The state’s legal team is demanding full restitution for California residents whose genomic data remains circulating on underground hacking forums.

Cybersecurity experts note that genetic data breaches are uniquely dangerous because biological information can never be changed or reset like a password. Stolen genomic profiles allow bad actors to orchestrate highly targeted phishing campaigns or commit sophisticated medical identity theft. There are also mounting concerns that compromised health markers could eventually influence predatory insurance profiling or employment discrimination. The attorney general emphasized that the state will strictly enforce its landmark privacy laws against any digital firm treating user data as a secondary concern. The prosecution represents a stern warning to Silicon Valley companies that corporate restructuring cannot wash away structural data liabilities.

The defense team has expressed disappointment with the state’s aggressive litigation, maintaining that the original firm was the victim of a sophisticated criminal conspiracy. The successor company claims it has already implemented world-class encryption upgrades and mandatory identity verification across its entire user base. However, these retroactive security measures will do little to mitigate the severe legal penalties outlined in the state’s comprehensive filing. The trial will likely proceed in the San Francisco Superior Court later this winter, drawing intense scrutiny from technology executives nationwide. The ultimate verdict will reshape the regulatory boundaries governing how private corporations store, monetize, and protect human genetic blueprints.

Related posts:

  1. Internet and Social Media Addiction: Lessons from China
  2. 5G Deployment: Speeding to Create a Digital Nigeria
  3. Self-Driving Vehicles: How Safe Is this Emerging Technology?
  4. Waiting for the Invention of the Nigerian Digital Currency
  5. A Massive Drop in Internet Subscription in Nigeria
  6. Artemis II Crew Prepares for High-Speed Return to Earth