23andMe was fined £2.31 million by the U.K. Information Commissioner's Office (ICO) for inadequate security measures prior to a major data breach in 2023. The breach affected over 6.9 million users, with hackers exploiting stolen credentials to access accounts. The ICO pointed out that the lack of multi-factor authentication for user accounts was a critical failure under U.K. data protection law. In light of the breach, 23andMe has since implemented mandatory multi-factor authentication. The ICO is in communication with 23andMe's trustee after the company sought bankruptcy protection, with a sale hearing scheduled soon.
The U.K. data protection watchdog, ICO, fined 23andMe £2.31 million for failing to safeguard personal data during a significant data breach affecting U.K. residents.
The ICO stated that 23andMe's lack of multi-factor authentication was a breach of U.K. data protection law, leading to a cyberattack in which hackers stole private information.
Post-breach, 23andMe announced it implemented mandatory multi-factor authentication for users, addressing the critical security vulnerability that led to the data breach.
The ICO is coordinating with 23andMe's trustee, focusing on the company's filing for bankruptcy and the ongoing sale process following the data breach incident.