UK, Canada investigate 23andMe data breach: Report  

Authorities in UK and Canada launched a joint investigation to assess the scope of sensitive information exposed in 23andMe data breach  

Published - June 12, 2024 04:31 pm IST

Privacy authorities in Canada and the United Kingdom have launched a joint investigation to assess the scope of sensitive customer information exposed in 23andMe data breach.

Privacy authorities in Canada and the United Kingdom have launched a joint investigation to assess the scope of sensitive customer information exposed in 23andMe data breach. | Photo Credit: Reuters

Privacy authorities in Canada and the United Kingdom have launched a joint investigation to assess the scope of sensitive customer information exposed in last year’s 23andMe data breach

The Privacy Commissioner of Canada and The Information Commissioner’s Office (ICO) said they will look into whether the company had adequate safeguards to secure customer data stores on its systems, a report from Bleeping Computer said.

The investigation will also focus on examining if the company alerted affected individuals and the privacy regulators required under Canadian and UK privacy and data protection laws.

The data breach occurred in January last year when 23andMe confirmed that attackers stole health reports and raw genotype data of affected customers in a five-month credential stuffing attack. Attackers used credentials stolen from other data breaches or compromised online platforms to breach 23andMe accounts.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

At the time the company issued a notification requiring customers to reset their passwords. Later, the company also enabled two-factor authentication by default for all new and existing customers. The leaked information included data of 4.1 million people living in the United Kingdom and 1 million Ashkenazi Jews.

The breach prompted multiple lawsuits filed against 23andMe prompting the company to update its Terms of use making it difficult for users to join class action lawsuits. However, the company said this was done to make the arbitration process more efficient and accessible for customers to understand.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.