23andMe Fined £2.3M for Major Data Breach
23andMe Fined £2.3M for Major Data Breach

23andMe Fined £2.3M for Major Data Breach

News summary

The UK Information Commissioner's Office (ICO) fined 23andMe £2.31 million after a 2023 data breach exposed the genetic and personal data of over 150,000 UK residents and millions globally. The breach, which lasted from April to September 2023, involved hackers using credential stuffing attacks to access and scrape health, family, ethnicity, and genetic data, with some of the information later posted online. Investigations by both the ICO and Canada’s privacy commissioner found that 23andMe lacked adequate authentication, including multi-factor authentication, and failed to respond promptly, only acting after data surfaced for sale on Reddit. The breach led to significant fallout, including the company's US bankruptcy filing and impending sale to new ownership committed to improving data protection. Regulators highlighted that genetic data is protected under special UK legal categories and stressed the irreversible harm from such leaks. Privacy advocates noted that, unlike passwords or credit cards, genetic data cannot be changed if compromised.

Story Coverage
Bias Distribution
57% Left
Information Sources
166bc319-c612-4063-955b-1bdc4fec97ffdaae85f0-2883-42fc-b085-888140adf30dbd68667e-abfe-4783-a143-3b1ae84b823271639883-fbbd-48af-8cc3-393f63e7b2ef
+3
Left 57%
Center 43%
Coverage Details
Total News Sources
7
Left
4
Center
3
Right
0
Unrated
0
Last Updated
21 days ago
Bias Distribution
57% Left
Related News
Daily Index

Negative

24Serious

Neutral

Optimistic

Positive

Ask VT AI
Story Coverage
Subscribe

Stay in the know

Get the latest news, exclusive insights, and curated content delivered straight to your inbox.

Present

Gift Subscriptions

The perfect gift for understanding
news from all angles.

Related News
Recommended News