London, UK – The UK and Canada are launching investigations into 23andMe following a data breach in October 2023. Hackers managed to access personal information of 6.9 million individuals, including details like family trees, birth years, and geographical locations, by exploiting customers’ old passwords.
One of the key areas of focus for the joint task force will be determining whether adequate measures were in place to safeguard such sensitive data. 23andMe has expressed its intention to cooperate with the regulators to address their inquiries.
It is important to note that the stolen data did not include DNA records, which sets this breach apart from others involving genetic testing companies. 23andMe, a prominent player in the ancestry-tracing industry, provides customers with genetic testing services for ancestry breakdowns and personalized health insights.
While 23andMe’s main database was not hacked, the criminals behind the breach managed to infiltrate around 14,000 individual accounts by utilizing email and password information obtained from previous cyber hacks. This breach not only compromised the targeted accounts but also exposed private information from interconnected users through family trees on the website.
Following the breach, 23andMe promptly informed affected customers, prompting them to update their passwords and enhance their account security measures. The UK Information Commissioner’s Office emphasized the significance of trust in genetic testing services, given the potential privacy implications for individuals and their families.
The ongoing investigation by the data watchdogs will evaluate the extent of the breach’s impact, the effectiveness of existing safeguards, and the company’s breach notification processes. Canada Privacy Commissioner Philippe Dufresene highlighted the risks of genetic information falling into the wrong hands, stressing the potential for misuse in surveillance or discriminatory practices.
Overall, the breach serves as a cautionary tale for consumers and companies alike to remain vigilant in protecting sensitive personal data in an increasingly digitized world.