California Sues 23andMe Over 6.9 Million-Customer Data Breach, Seeks Multimillion-Dollar Fines
Updated
Updated · USA TODAY · May 28
California Sues 23andMe Over 6.9 Million-Customer Data Breach, Seeks Multimillion-Dollar Fines
7 articles · Updated · USA TODAY · May 28
6.9 million U.S. customers had genetic and personal data exposed in a 2023 breach that California says 23andMe concealed and mishandled, prompting Attorney General Rob Bonta to sue in San Francisco Superior Court.
856,000 Californians were affected, and the complaint alleges the company ignored repeated signs its systems were compromised during a breach that began in April 2023 and lasted about five months.
Multiple millions of dollars in civil penalties are being sought under California's Genetic Information Privacy Act and consumer-protection laws, though Bonta said any recovery must be worked through 23andMe's bankruptcy.
$30 million to $50 million was already approved in bankruptcy court to settle most U.S. customer claims, while Bonta's separate challenge to the $305 million sale of 23andMe's assets to Anne Wojcicki's TTAM remains pending.
When hackers target DNA data by ethnicity, how can genetic testing companies guarantee the safety of vulnerable groups?
As states create a patchwork of privacy laws, is our most sensitive data truly safe nationwide?
23andMe’s 2023 Data Breach: 7 Million Genetic Profiles Exposed, Legal Fallout, and Industry Shakeup
Overview
In July 2025, TTAM Research Institute acquired 23andMe's assets after the latter's bankruptcy and data breach lawsuit settlement. This acquisition was designed to address 23andMe's legacy issues and set a new direction under TTAM's leadership. Importantly, the funds from the sale are expected to compensate all of 23andMe's creditors, including customers harmed by the data breach. By providing restitution and aiming to restore trust, the acquisition marks a pivotal step toward financial closure for those affected and signals a fresh start for the company and its stakeholders.