A US bankruptcy judge in St. Louis ruled that California cannot seek damages from the company formerly known as 23andMe over a 2023 data breach that exposed genetic and other personal information of an estimated 6.9 million customers.
Background
The data breach occurred in 2023, and California Attorney General Rob Bonta accused 23andMe of ignoring warnings that its systems were compromised and downplaying the breach’s severity. Bonta’s office sought potentially millions of dollars in civil fines.
However, US Bankruptcy Judge Brian Walsh said 23andMe’s Chapter 11 reorganization plan precludes the state from pursuing monetary relief against Chrome Holding Co and an affiliate. California must either dismiss its lawsuit or amend its complaint to eliminate the claims for monetary relief.
Decision
Walsh authorized a $32.46 million payment, on top of $14.29 million previously disbursed, for a total payout of $46.75 million to resolve most US customer claims from the data breach. The decision is a defeat for California Attorney General Rob Bonta, who argued that the US Congress did not give bankruptcy judges power to prohibit state law-based enforcement actions in state courts.
Original reporting: Appleton, WI News Feed (HLL/CB) — read the source article.