California Attorney General Rob Bonta sued genetics testing company 23andMe on Thursday over a 2023 data breach that exposed genetic and other personal information of an estimated 6.9 million U.S. customers.
In a complaint filed in San Francisco Superior Court, California accused 23andMe of ignoring numerous warnings that its systems had been compromised and downplaying the severity of the data breach, which exposed information about customers' health, genetic predispositions, biological relatives, ancestry and ethnicity.
The breach began in April 2023 and lasted about five months. Bonta said about 856,000 Californians were affected. "This data breach, and the company's handling of it, was entirely unacceptable," Bonta said.
Neither 23andMe nor its lawyers immediately responded to requests for comment. The lawsuit seeks civil fines that could total "multiple millions" of dollars for violations of California's Genetic Information Privacy Act and state consumer protection laws.
The lawsuit came 14 months after 23andMe filed for bankruptcy in St. Louis. Bonta acknowledged that collecting any judgment would require working through the bankruptcy process. Four months ago, the federal judge overseeing the bankruptcy granted final approval for a $30 million to $50 million fund to resolve most U.S. customer claims from the data breach.
