UK regulator penalises genetic testing firm for cybersecurity failures
The UK Information Commissioner’s Office has fined a major genetic testing company £2.3 million following a data breach in 2023 that exposed sensitive personal information of over 150,000 UK users.
Investigators found that the company had inadequate security systems, had failed to install robust authentication measures, and was slow to detect the breach, which was discovered after stolen data appeared on Reddit.
The compromise affected approximately seven million users globally, including detailed health, location, and ancestry information.
The company has since filed for bankruptcy in the U.S. and is undergoing a potential takeover by its former CEO, who has pledged stronger privacy protections and identity theft monitoring for affected customers.