:

CALIFORNIA SUES 23ANDME OVER 7M-PERSON DATA BREACH

AI DESK2 MIN READ
FRI, MAY 29, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

California's attorney general filed suit against genetic testing company 23andMe on Thursday, alleging it failed to adequately protect user data in a 2023 breach affecting approximately 7 million people across the United States.

Attorney General Rob Bonta's lawsuit claims 23andMe neglected to implement reasonable security measures that would have prevented unauthorized access to sensitive genetic and health information. The breach, discovered in 2023, exposed personal data belonging to millions of customers nationwide. The complaint alleges that 23andMe's security failures violated California consumer protection laws. According to Bonta's office, the company failed to use adequate safeguards such as stronger password requirements and additional security protections despite knowing the risks associated with storing genetic data. 23andMe confirmed the breach last year, initially indicating that hackers accessed account information through credential stuffing attacks, where bad actors use previously compromised usernames and passwords to gain entry to accounts. The company subsequently revealed that some users' genetic ancestry data had also been exposed. The lawsuit seeks penalties and damages on behalf of affected California residents. It represents one of several legal challenges the genetic testing company has faced following the breach. The case highlights ongoing tensions between data-intensive tech companies and regulators over security practices. Genetic testing services collect some of the most sensitive personal information available—DNA data that can reveal family relationships, ancestry, and potential health risks. Such information requires heightened protection standards compared to typical consumer data. 23andMe did not immediately respond to requests for comment on the lawsuit. The company has previously stated it takes security seriously and has implemented improvements to its systems following the incident. The litigation underscores regulatory scrutiny of how companies handle biometric and genetic information, particularly in California, where privacy protections have become increasingly stringent in recent years.

■ SOURCES

Techmeme

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

4H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

4H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

7H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

9H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.