California Sues 23andMe Successor Over Historic Genetic Data Breach
San Francisco, Saturday, 30 May 2026.
California sued 23andMe’s successor over a 2023 breach exposing 7 million users. Shockingly, hackers operated undetected for five months, explicitly targeting Asian and Jewish genetic profiles.
A Catastrophic Security Failure
In late May 2026, California Attorney General Rob Bonta officially filed a lawsuit in San Francisco Superior Court against Chrome Holding Co., the corporate successor of genetic testing pioneer 23andMe [3][4][5] [alert! ‘Sources vary slightly on the exact filing date between May 21 and May 28, 2026, though formal announcements occurred on May 27 and 28’]. The legal action centers on a massive 2023 cybersecurity breach that compromised the personal and genetic ancestry data of approximately 6.9 million to 7 million users worldwide [3][4][5]. This included over 855,000 California residents, representing roughly 12.222 percent of the total affected population [3][4][5]. Hackers exploited a vulnerability in the platform’s “DNA Relatives” feature, leveraging credentials leaked from an older breach at a partner genealogy company, MyHeritage, to access roughly 14,000 accounts [1][4][7]. From there, the threat actors scraped millions of interconnected profiles, operating completely undetected inside the company’s systems for five months [1][4].