UK Watchdogs Fine 23andMe $3.1M for Data Security Violations
UK regulators on Tuesday fined 23andMe 2.31 million pounds ($3.1 million) for data privacy violations stemming from the company's massive data breach in 2023.
The Information Commissioner's Office says the genetic testing company, which has since filed for Chapter 11 bankruptcy protection in the US, failed to put in place "appropriate" security measures to protect the personal information of its UK users, compromising that data in the breach. The UK fine comes after a joint investigation by the ICO and Canada's Office of the Privacy Commissioner.
In a statement, UK Information Commissioner John Edwards called the breach "profoundly damaging," noting that it exposed sensitive personal information, including the family histories and health conditions of thousands of people in the UK.
"Their security systems were inadequate," Edwards said. "The warning signs were there, and the company was slow to respond. This left people's most sensitive data vulnerable to exploitation and harm."
In 2023, cybercriminals breached 23andMe's systems by using a "credential-stuffing attack," which involves bombarding online accounts with huge sets of user names and passwords stolen in previous unrelated attacks. Over a period of months, the intruders were able to make off with the personal data of more than 6.9 million people, including about 155,000 UK residents.
The ICO said Tuesday that at the time of the breach, 23andMe didn't require additional verification, like a biometric indicator or a code sent to their phone, to access user accounts, which violates UK law. The company has since changed its practices to turn on two-factor authentication by default.
Mounting costs related to the breach, along with fading demand for its services, were key factors in 23andMe's decision to file for bankruptcy protection earlier this year. The move also caused tech and legal experts to wonder about the future security and privacy of the company's vast collection of consumer genetic samples and personal data.
A bid from Regeneron Pharmaceuticals to buy most of the company's assets for $256 million was met with criticism, but that company was ultimately outbid last week by the TTAM Research Institute, a nonprofit led by Anne Wojcicki, 23andMe's cofounder and former CEO. That deal remains subject to final court approval and customary closing conditions.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
an hour ago
- Yahoo
What to know about online passwords after a massive breach
An alleged breach of 16 billion passwords including some for Apple, Google and Facebook accounts has cybersecurity experts warning people to change your passwords and stop recycling them. They say using the same password on every site is dangerous because of what hackers can do if the info leaks just once. Multifactor authentication, password managers and passkeys are options for those seeking additional security. (June 20, 2025)
Fox News
an hour ago
- Fox News
Business Rundown: Apple Facing 'Stringent Regulations' Abroad
iPhone maker Apple found itself in the crosshairs of the EU's antitrust regulators this week. Now the company faces an ultimatum: comply with their rules for Big Tech or face serious fines. FOX Business co-anchor of The Big Money Show Taylor Riggs speaks with Senior Tech Fellow at the Center for European Policy Analysis, Enrique, about the business conditions for big American tech companies in Europe, Apple's choices moving forward, and how the EU's stringent regulations have stifled innovation. Photo Credit: AP Learn more about your ad choices. Visit
Yahoo
an hour ago
- Yahoo
Newsroom Ready: What to know about online passwords after a massive breach
An alleged breach of 16 billion passwords including some for Apple, Google and Facebook accounts has cybersecurity experts warning people to change your passwords and stop recycling them. They say using the same password on every site is dangerous because of what hackers can do if the info leaks just once. Multifactor authentication, password managers and passkeys are options for those seeking additional security. (June 20, 2025)
