New York Attorney General James Secures $18 Million From 23andMe for Failing to Protect Customers’ Genetic Data
USANewsOnline.Com Desk, New York : New York Attorney General Letitia James and a bipartisan coalition of 42 other attorneys general today secured $18 million from genetic testing company 23andMe for failing to protect customers’ private genetic data. In October 2023, 23andMe announced that it had discovered a data breach affecting 6.9 million consumers, including 305,245 in New York. The breach exposed a broad range of customer data, including genetic ancestry information. Some customers’ data was even published for sale on the dark web. As part of the settlement, Attorney General James and the coalition have secured new data protection requirements to secure 23andMe customer data. 23andMe will also pay more than $705,000 to New York.
“Companies have a duty to protect their customers’ personal information from hackers, but 23andMe put millions of its customers at risk with its flimsy security measures,” said Attorney General James. “New Yorkers trusted 23andMe with their sensitive and personal genetic data, only to find that data stolen and put up for sale on the dark corners of the internet. As a result of our coalition’s action, 23andMe will pay for violating the law and strict rules will be put in place to protect their customers.”
The October 2023 data breach of 23andMe exposed sensitive genetic information belonging to millions of customers. Some of this data was then listed for sale on the dark web, exposing customers to further hacks and identity theft. 23andMe learned about the breach months after impacted personal information was publicly available. The company first denied a breach and then, once it confirmed the breach, blamed costumers for how their accounts were set up or how passwords were used.
In the immediate aftermath of the data breach, Attorney General James and the coalition began a multistate investigation and found that 23andMe failed to take critical security measures, including:
Safeguards against cyber-attacks utilizing stolen credentials including, comparing passwords against blocklists of known breached passwords or requiring multifactor authentication;
Appropriate rate limiting or intrusion prevention;
Logging, monitoring, or other tools likely to detect a data breach;
Investigating or addressing unusual login patterns, including, for example, a massive spike in login attempts;
Fixing known vulnerabilities; and
Properly reviewing and testing design features.
In March 2025, 23andMe filed for bankruptcy protection and Attorney General James and the coalition filed claims related to the data breach investigation. In June 2025, Attorney General James and a bipartisan coalition of 27 other attorneys general sued 23andMe to protect Americans’ personal genetic information during the company’s bankruptcy.
As a result of the bankruptcy, 23andMe’s customer data was sold to TTAM Research (TTAM), a non-profit formed by 23andMe’s founder and former CEO. Attorney General James and the coalition have secured new information and data security requirements at TTAM to protect customers’ data and prevent future breaches. These measures include appropriate risk analysis, the addition of an Advisory Board on data security, and continuing to offer consumers the right to delete their information. These terms will ensure that TTAM, now reregistered as 23andMe Research Institute, will be a safer custodian of genetic data moving forward.
Joining Attorney General James in securing this settlement are the attorneys general of Alabama, Alaska, Arizona, Arkansas, Colorado, Connecticut, Delaware, Florida, Georgia, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, North Carolina, North Dakota, New Hampshire, New Jersey, New Mexico, Ohio, Oklahoma, Oregon, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Vermont, Washington, Wisconsin, West Virginia, and the District of Columbia.
For New York, this matter was handled by Deputy Bureau Chief Clark Russell under the supervision of Bureau Chief Kim Berger of the Bureau of Internet and Technology. The Bureau of Internet and Technology is a part of the Division for Economic Justice, which is led by Chief Deputy Attorney General Chris D’Angelo and overseen by First Deputy Attorney General Jennifer Levy.
Press Release
- এলডিসি উত্তরণ ও এসডিজি বাস্তবায়নে জাতিসংঘের জোরালো সহযোগিতা চাইলেন বাংলাদেশের প্রধানমন্ত্রীর উপদেষ্টা ড. তিতুমীর
- নিউইয়র্কে জাতিসংঘে পরিকল্পনা প্রতিমন্ত্রী জোনায়েদ সাকি: এসডিজি বাস্তবায়নে প্রযুক্তি হস্তান্তর ও বৈশ্বিক অংশীদারিত্ব জোরদারের আহ্বান
- New York Attorney General James Secures $18 Million From 23andMe for Failing to Protect Customers’ Genetic Data
- LDCs need fairer global financial architecture to achieve SDGs: PM’s Adviser Dr. Titumir
- এসডিজি অর্জনে এলডিসির জন্য ন্যায্য বৈশ্বিক আর্থিক কাঠামো জরুরি: জাতিসংঘের টেকসই উন্নয়ন বিষয়ক উচ্চপর্যায়ের রাজনৈতিক ফোরামে প্রধানমন্ত্রীর উপদেষ্টা ড. তিতুমীর
- যুক্তরাষ্ট্রে বিশ্বকাপ ফাইনালের মেটলাইফ স্টেডিয়ামে বাংলাদেশী-আমেরিকান শিল্পী জিহানের চিত্রকর্ম
- বাংলাদেশের প্রধানমন্ত্রী তারেক রহমানের কাছে খোলা চিঠি ও দাবি: স্বরাষ্ট্রমন্ত্রী সালাউদ্দিন আহমেদে সাথে যুক্তরাষ্ট্র বিএনপির বৈঠক
- যে আমল না করলে কবরের তিন প্রশ্নের মধ্যে একটি প্রশ্নেরও উত্তর দেওয়া সম্ভব হবে না!