Latest news with #JohnEdwards
CTV News
18 hours ago
- CTV News
Hamilton police release video of missing man as search enters second week
John Edwards captured on security camera walking at an Esso gas station in Hamilton on Wednesday, June 11, 2025. (Hamilton Police Service) Hamilton police have released a new video of a missing 62-year-old man as the search for him enters a second week. A security camera caught John Edwards walking at an Esso gas station at 947 Centre Road at 3:10 p.m. on June 11. 'Over the past several days, officers and community partners have conducted extensive ground searches and reviewed hours of surveillance footage in an effort to retrace Mr. Edwards' movements and locate him safely,' Hamilton police said in a news release accompanying the video on Thursday. 'Investigators have positively tracked Mr. Edwards through various locations in Dundas throughout the morning of June 11. His movements included frequent stops, seemingly to pick up items from the ground, and lacked a clear destination.' Police said Edwards left St. Joseph's Villa at 9:15 a.m. that day. Just before 10 a.m., he was seen walking west on the north side of Baldwin Street, passing the McDonald's on Cootes Drive. He passed Memorial Square at 10:14 a.m., police said. Edwards turned south onto John Street and was seen on video walking west on King Street at Peel Street at 10:39 a.m. After walking through the Esso parking lot to Concession 6, he proceeded southwest, police said. 'John is known to enjoy walks through local trails and parks in Dundas and is familiar with the area. It is unusual for him not to return home, and there is growing concern for his well-being,' police said in a previous news release. Edwards is described as five-foot-eleven, weighs about 214 pounds, has shoulder-length brown hair and brown eyes, and walks with a slight shuffle. He may be carrying a small, light-coloured ball in his hand. Police said he was last seen wearing baggy shorts, a striped blue T-shirt, white socks, running shoes and possibly a ball cap. They are asking residents in Dundas, Flamborough and Waterdown to check their properties and review security, doorbell or dashcam footage recorded on June 11. Anyone with information is asked to contact the Missing Persons Unit at 905-540-8549 or Crime Stoppers anonymously at 1-800-222-8477.
CTV News
2 days ago
- Politics
- CTV News
Lack of appropriate safeguards led to 23andMe data breach, joint investigation finds
Federal privacy commissioner Philippe Dufresne, left, and U.K. information commissioner John Edwards hold a press conference at the National Press Theatre in Ottawa on Tuesday, June 17, 2025. THE CANADIAN PRESS/Sean Kilpatrick
CNET
3 days ago
- Business
- CNET
UK Watchdogs Fine 23andMe $3.1M for Data Security Violations
UK regulators on Tuesday fined 23andMe 2.31 million pounds ($3.1 million) for data privacy violations stemming from the company's massive data breach in 2023. The Information Commissioner's Office says the genetic testing company, which has since filed for Chapter 11 bankruptcy protection in the US, failed to put in place "appropriate" security measures to protect the personal information of its UK users, compromising that data in the breach. The UK fine comes after a joint investigation by the ICO and Canada's Office of the Privacy Commissioner. In a statement, UK Information Commissioner John Edwards called the breach "profoundly damaging," noting that it exposed sensitive personal information, including the family histories and health conditions of thousands of people in the UK. "Their security systems were inadequate," Edwards said. "The warning signs were there, and the company was slow to respond. This left people's most sensitive data vulnerable to exploitation and harm." In 2023, cybercriminals breached 23andMe's systems by using a "credential-stuffing attack," which involves bombarding online accounts with huge sets of user names and passwords stolen in previous unrelated attacks. Over a period of months, the intruders were able to make off with the personal data of more than 6.9 million people, including about 155,000 UK residents. The ICO said Tuesday that at the time of the breach, 23andMe didn't require additional verification, like a biometric indicator or a code sent to their phone, to access user accounts, which violates UK law. The company has since changed its practices to turn on two-factor authentication by default. Mounting costs related to the breach, along with fading demand for its services, were key factors in 23andMe's decision to file for bankruptcy protection earlier this year. The move also caused tech and legal experts to wonder about the future security and privacy of the company's vast collection of consumer genetic samples and personal data. A bid from Regeneron Pharmaceuticals to buy most of the company's assets for $256 million was met with criticism, but that company was ultimately outbid last week by the TTAM Research Institute, a nonprofit led by Anne Wojcicki, 23andMe's cofounder and former CEO. That deal remains subject to final court approval and customary closing conditions.
CTV News
3 days ago
- Business
- CTV News
Genetic testing firm 23andMe faces large fine for failing to protect customer data
Privacy Commissioner of Canada Philippe Dufresne leaves after a news conference at the National Press Theatre in Ottawa on Thursday, Feb. 29, 2024. (THE CANADIAN PRESS/Justin Tang) Genetic testing company 23andMe failed to take basic steps to protect customer data, according to a joint investigation by Canada and the U.K. into a massive global data breach that resulted in information from nearly seven million people being posted for sale online. As a result, the U.K. is imposing a £2.31 million (C$4.24 million) fine on the company. Canada does not have the power to impose a similar penalty under current privacy laws. Canada's privacy commissioner Philippe Dufresne and U.K. information commissioner John Edwards revealed their findings at a news conference in Ottawa on Tuesday morning. 'With data breaches growing in severity and complexity, and ransomware and malware attacks rising sharply, any organization that is not taking steps to prioritize data protection and address these threats is increasingly vulnerable,' Dufresne said on Tuesday. 'Our investigation found that these types of security measures were not in place at 23andMe.' In September, 23andMe agreed to pay US$30 million to settle a lawsuit after hackers accessed the personal data of 6.9 million customers and posted their information for sale on the dark web, including data from nearly 320,000 people in Canada and more than 150,000 people in the U.K. The 2023 attack appeared to specifically target customers with Chinese and Ashkenazi Jewish ancestry. 'The compromised data included highly sensitive information related to health, race and ethnicity information as well as information about relatives, date of birth, sex at birth and gender,' Dufresne explained. 'Much of this information was derived from individuals' DNA. The breach serves as a cautionary tale for all organizations about the importance of data protection in an era of growing cyber threats.' The joint investigation by privacy authorities in Canada and the U.K. was launched in June 2024 to examine the scope of the breach and 23andMe's response. 'In the wrong hands, an individual's genetic information could be misused for surveillance or discrimination,' Dufresne said in a news release when the investigation was announced. 'Ensuring that personal information is adequately protected against attacks by malicious actors is an important focus for privacy authorities in Canada and around the world.' 23andMe filed for bankruptcy in March. On June 13, it was announced that a non-profit led by 23andMe co-founder Anne Wojcicki would purchase the troubled company for US$305 million. Founded in 2006, 23andMe claims to have more than 15 million customers worldwide. The business was centred on at-home DNA testing kits that use saliva samples to provide genetic insights about health risks and ancestry. The California-based company went public in 2021, but never made a profit. '23AndMe failed to take basic steps to protect people's information,' Edwards said at the press conference on Tuesday. 'Their security systems were inadequate, the warning signs were there and the company was slow to respond. This left people's most sensitive personal data vulnerable to exploitation and harm.' The investigation also found that 23andMe did not adequately notify regulators and affected customers of the breach as required by Canadian and U.K. laws. Dufresne said they were concerned to find the stolen data was later offered for sale online. 'Strong data protection must be a priority for organizations, especially those that are holding sensitive personal information,' Dufresne said. 'Organizations must also take proactive steps to protect against cyberattacks. This includes using multi-factor authentication, strong minimum password requirements, compromised password checks, and adequate monitoring to detect abnormal activity.' Dufresne also called for modernized privacy laws in Canada that would allow him to issue fines and orders like his counterpart in the U.K. 'This is something that exists broadly around the world in privacy authorities and it is something that is necessary,' Dufresne said. 'You can see in a case like this in terms of cybersecurity, in terms of things where time is of the essence, where there are real consequence, this is a gap.' In a statement to CTV News, a 23andMe spokesperson said by the end of 2024 the company 'had implemented multiple steps to increase security to protect individual accounts and information.' 23andMe's new owner, they added, has 'made several binding commitments to enhance protections for customer data and privacy,' including allowing users to delete their accounts and opt out of having their information used for research. 23andMe saliva collection kit A 23andMe saliva collection kit is shown on March 25, 2025, in Oakland, Calif. (AP Photo/Barbara Ortutay) With files from Reuters and CNN
The Independent
3 days ago
- Business
- The Independent
DNA testing firm 23andMe fined £2.31m for ‘serious security failings'
Genetic testing firm 23andMe has been fined £2.31 million by the UK's data protection watchdog for 'serious security failings' after personal information of more than 155,000 UK users was accessed in a major cyber attack. The Information Commissioner's Office (ICO) said the DNA testing kit firm, which filed for bankruptcy in the US in March, failed to properly protect UK user data and also responded inadequately to the hack in 2023. The penalty follows a joint investigation between the ICO and the Office of the Privacy Commissioner of Canada. The attack, which took place between April and September 2023, saw personal information of 155,592 UK residents accessed by the hacker, potentially revealing names, birth years, some addresses, profile images, race, ethnicity, family trees and health reports. The ICO said its investigation found 23andMe did not have extra verification steps for users to access and download their raw genetic data, while it also failed to have adequate authentication and verification measures in place, such as mandatory multi-factor authentication, secure password protocols or unpredictable usernames. The firm also did not have effective systems in place to monitor, detect or respond to cyber threats targeting its customers' sensitive information. Information Commissioner John Edwards said: 'This was a profoundly damaging breach that exposed sensitive personal information, family histories and even health conditions of thousands of people in the UK. 'As one of those impacted told us: once this information is out there, it cannot be changed or reissued like a password or credit card number. '23andMe failed to take basic steps to protect this information. 'Their security systems were inadequate, the warning signs were there, and the company was slow to respond. 'This left people's most sensitive data vulnerable to exploitation and harm.'
