Maryland Attorney General Anthony G. Brown has joined a coalition of 42 attorneys general in announcing an $18 million settlement with 23andMe over the company’s 2023 data breach, which exposed the personal and genetic information of 6.9 million customers worldwide, including 94,298 Maryland residents.
According to the Attorney General’s Office, investigators found 23andMe failed to implement basic cybersecurity measures, allowing customer information, including genetic ancestry data, to be exposed. Some of the stolen information was later offered for sale on the dark web. Brown said Marylanders trusted the company to protect their highly sensitive genetic information, but it failed to do so.
As part of the settlement and bankruptcy proceedings, stronger privacy and security requirements will now apply to the company’s consumer data, including enhanced security standards, independent oversight, and expanded rights for consumers to access and delete their genetic information.