Attorney General Kris Mayes says a popular genetic testing company violated Arizona law by not informing state officials of a data breach that impacted millions of customers.
Hackers accessed the personal data of 14,000 23andMe users in October. The company says they then used the files to access the ancestry of an additional 6.9 million people.
Mayes requested more information about the breach and how it impacted Arizona users in a letter to 23andMe Thursday.
“Arizonans deserve full transparency regarding the unauthorized access of their most personal data — their genetic information,” Mayes said in a statement. “I expect comprehensive answers from 23andMe as quickly as possible.”
Data from a million users of Ashkenazi Jewish heritage and 100,000 of Chinese ancestry was also included in the breach. Mayes called the exposure of data that identifies specific racial or ethnic groups as “particularly reprehensible” given the recent national rise in hate crimes.
She also detailed that state law mandates companies notify the Arizona Department of Homeland Security of similar breaches within 45 days of discovery.
The company has not responded to Mayes’ letter.