23andMe has been fined £2.31 million by the UK's Information Commissioner's Office (ICO) due to a significant data breach in 2023 that compromised the personal information of millions. The breach resulted from a 'credential stuffing' attack, where hackers accessed accounts using reused credentials. Approximately 14,000 accounts were breached, impacting the personal data of about 6.9 million individuals, including sensitive information like health reports and family histories. Following the incident, the company has filed for bankruptcy and is being acquired by TTAM Research Institute, which has pledged to improve data security measures.
23andMe has been fined £2.31 million by the UK Information Commissioner's Office for a serious data breach exposing sensitive personal information of millions of individuals.
This was a profoundly damaging breach that exposed sensitive personal information, family histories, and even health conditions, said Information Commissioner John Edwards.
As one of those impacted told us: once this information is out there, it cannot be changed or reissued like a password or credit card number.
The ICO concluded that 23andMe had breached UK data protection law by failing to put adequate measures in place to secure user data.
Collection
[
|
...
]