Identity, Data Security, Privacy

23andMe breach subjected to joint UK, Canada investigation

In this photo illustration, 23andMe logo of a biotechnology company is seen on a smartphone and a pc screen in the background. (Photo Illustration by Pavlo Gonchar/SOPA Images/LightRocket via Getty Images)

TechCrunch reports that the Office of the Privacy Commissioner of Canada and the UK's Information Commissioner's Office have partnered to conduct a joint probe into last year's massive data breach at 23andMe, which resulted in the compromise of sensitive information belonging to 6.9 million users.

Aside from investigating the extent of data exposure and possible harm to impacted individuals, both the OPC and ICO will also be looking into the U.S. genetic testing provider's implementation of data security protections, as well as the timeliness of breach notifications to regulators.

"This data breach had an international impact, and we look forward to collaborating with our Canadian counterparts to ensure the personal information of people in the UK is protected," said ICO Commissioner John Edwards.

Meanwhile, 23andMe has already committed to collaborate in the joint probe.

"We intend to cooperate with these regulators’ reasonable requests relating to the credential stuffing attack discovered in October 2023," said 23andMe spokesperson Andy Kill.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.