UK watchdog fines 23andMe for 'profoundly damaging' data breach
Briefly

The UK's Information Commissioner's Office has fined genetic testing company 23andMe £2.31 million following a significant data breach in 2023. The breach, attributed to inadequate security measures, exposed sensitive health information of about 155,000 UK residents. Hackers accessed accounts via a 'credential stuffing' attack, potentially affecting 6.9 million users. The ICO criticized 23andMe for lacking multi-factor authentication and other safeguards. Although DNA data remained secure, the breach highlighted serious flaws affecting personal data protection under GDPR. The incident serves as a reminder of the risks associated with handling sensitive personal information.
This was a profoundly damaging breach that exposed sensitive personal information, family histories, and even health conditions. Their security systems were inadequate.
As one of those impacted told us: once this information is out there, it cannot be changed or reissued like a password or credit card number.
Read at Business Matters