Attorney General Mayes Demands Answers from 23andMe on Data Breach

PHOENIX – Last week, Attorney General Kris Mayes sent a letter to 23andMe, Inc., in response to a data breach affecting nearly 7 million customers.

“Arizonans deserve full transparency regarding the unauthorized access of their most personal data – their genetic information,” said Attorney General Mayes. “I expect comprehensive answers from 23andMe as quickly as possible.”

The Attorney General is seeking detailed information on the number of Arizonans affected, the specific nature of compromised data for Arizona residents, the timeline and method of notification to affected individuals, compliance with Arizona’s data breach notification statute, and the potential exposure of this data on the dark web.

Particularly alarming is the reported breach of data belonging to one million users of Ashkenazi Jewish heritage and 100,000 users of Chinese ancestry.

“The hacking of sensitive data identifying specific racial or ethnic groups is particularly reprehensible given the national rise in hate crimes, including antisemitic and anti-Asian incidents,” said Mayes. “Profiting from the collection of such data, only for it to land in the hands of cybercriminals, is wholly indefensible. And it is long overdue for companies with substantial information technology capabilities to stop blaming victims for predictable data security incidents, particularly where those companies fail to use available security measures.”

Additionally, the Attorney General has requested thorough information on 23andMe's security protocols and future measures to prevent similar breaches.

“Since this breach became public, Arizonans are rightly concerned about the safeguarding of their sensitive genetic data,” said Mayes. “It is imperative that 23andMe address these concerns immediately and transparently.”