California Attorney General Rob Bonta sued Chrome Holding Co., formerly 23andMe, over a 2023 breach that exposed sensitive genetic and health data from nearly 7 million people. The lawsuit says the company failed to use basic protections like password resets and multifactor authentication, allowing attackers to exploit stolen credentials and later sell data on the dark web. #23andMe #ChromeHoldingCo #RobBonta
Keypoints
- California sued 23andMe over a breach that affected nearly 7 million users.
- The attack used credential stuffing with stolen login credentials.
- Investigators say 23andMe lacked basic safeguards like multifactor authentication.
- Stolen genetic and health data was later offered for sale on the dark web.
- The lawsuit seeks civil penalties and an injunction for privacy law violations.