Saturday, June 22, 2024
HomeTechnologyUK and Canada privateness watchdogs investigating 23andMe knowledge breach

UK and Canada privateness watchdogs investigating 23andMe knowledge breach

Privateness watchdogs within the U.Okay. and Canada have launched a joint investigation into the information breach at 23andMe final 12 months. 

On Monday, the U.Okay,’s Data Commissioner’s Workplace (ICO) and the Workplace of the Privateness Commissioner of Canada (OPC) introduced their investigation into the genetic testing firm, saying the organizations will leverage “the mixed sources and experience of their two places of work.” 

Final 12 months, 23andMe disclosed a safety incident that affected the genetic and ancestry knowledge of 6.9 million customers, or roughly half of its general consumer base. In its knowledge breach notices, the corporate stated it didn’t detect the hackers’ actions for round 5 months, from April till September 2023. 23andMe stated it solely grew to become conscious of the account breaches in October 2023, when hackers marketed the stolen knowledge on the unofficial 23andMe subreddit and a well known hacking discussion board. 

The stolen knowledge included the particular person’s identify, start 12 months, relationship labels, the share of DNA shared with kinfolk, ancestry stories, and self-reported location.

Hackers broke into round 14,000 accounts of 23andMe clients by reusing their passwords from earlier breaches, a method referred to as password spraying. From these 14,000 accounts, the hackers have been in a position to scrape data on thousands and thousands of different folks due to an opt-in function known as the DNA Kin, which allowed customers to mechanically share a few of their knowledge with different individuals who additionally had opted-in, with the aim of uncovering far-away kinfolk. That’s how the hackers have been in a position to scrape data on 6.9 million customers by solely hacking 14,000 accounts. 

In a press release, ICO Commissioner John Edwards was quoted as saying that folks “must belief that any organisation dealing with their most delicate private data has the suitable safety and safeguards in place.” 

“This knowledge breach had a world impression, and we stay up for collaborating with our Canadian counterparts to make sure the non-public data of individuals within the U.Okay. is protected,” stated Edwards. 

The joint U.Okay.-Canada investigation will look into the scope of data uncovered and the potential hurt to the victims; whether or not 23andMe “had enough safeguards” to guard customers’ delicate knowledge; and whether or not 23andMe “offered enough notification” to the ICO and the OPC. 

23andMe spokespeople didn’t instantly reply to a request for remark.



Please enter your comment!
Please enter your name here

Most Popular

Recent Comments