UK watchdog fines 23andMe for 'profoundly damaging' data breach

Auto Amazon Links: No products found. Blocked by captcha.

23andMe, a DNA testing firm, has been fined £2.31m by a UK watchdog due to a data breach that took place in 2023, affecting thousands of individuals. The Information Commissioner’s Office (ICO) stated that 23andMe did not implement sufficient measures to safeguard sensitive user data prior to the incident. Information Commissioner John Edwards described the breach as “profoundly damaging,” exposing personal information, family histories, and health conditions.

The company, which has subsequently filed for bankruptcy, is in the process of being sold to a new owner known as TTAM Research Institute. This new owner has committed to enhancing protections for customer data and privacy. In October 2023, 23andMe’s users were targeted in what is known as a “credential stuffing” attack, where hackers utilized passwords obtained in previous breaches to access accounts. This resulted in access to 14,000 individual accounts and information related to approximately 6.9m people who were potentially related on the website.

The stolen data, which included personal information of 155,592 UK residents, such as names, year of birth, geographical details, profile images, race, ethnicity, health reports, and family trees, did not involve DNA records. Genetic data is classified as special category data under UK data protection law due to its sensitive nature and necessitates additional protection. The investigation by the ICO, conducted jointly with Canada’s privacy commissioner, found that 23andMe breached UK data protection law by lacking appropriate authentication and verification measures for customers during the login process.

23andMe did not have mandatory multi-factor authentication, secure password requirements, or additional verification measures for users trying to download raw genetic data. Mr Edwards emphasized that these failures left individuals’ most sensitive data exposed to exploitation and harm. Despite resolving the identified issues by the end of 2024, both the ICO and the Office of the Privacy Commissioner of Canada reiterated the importance of protecting customers’ sensitive personal data amidst the company’s bankruptcy proceedings. The sale of 23andMe to TTAM Research Institute, led by co-founder Anne Wojcicki, is pending approval by a bankruptcy court

Read the full article from The BBC here: Read More

Auto Amazon Links: No products found. Blocked by captcha.

UK watchdog fines 23andMe for 'profoundly damaging' data breach

UK News

Popular Articles

Newspaper headlines: Starmer 'in denial' and 'from Russia with shove'

Emily Eavis on Glastonbury's magical 'Thursday Feeling'

Womb lining test offers miscarriage hope to women

Oxford English Dictionary is hoaching with new Scottish words

Ticket touts employing workers to bulk-buy for concerts

NI Health: Patients spending over a week in emergency departments

Andrew Tate civil trial moved forward by judge to summer 2026

Sir Gareth Southgate: I don't miss managing England

Stormzy receives doctorate from the University of Cambridge

Wandsworth neighbour jailed for doorbell camera abuse and threats