23andMe, the California-based firm which sells DNA testing kits to help people study their ancestry and potential health risks, is facing scrutiny from British and Canadian data protection authorities following a security breach that saw hackers compromise the personal data of almost seven million users.
As we have previously reported, hackers published information about tens of millions of 23andMe users on a cybercrime forum in October 2023, exposing users’ full names, profile photos, dates of birth, sex, geographic location, and genetic ancestry details.
Hackers were able to break into users’ accounts in a credential-stuffing attack that took advantage of those users who had made the mistake of using the same password on 23andMe that they had used on other sites.
However, the security breach was made much worse when the hackers used a 23andMe feature called “DNA Relatives” to scrape the details of other 23andMe users who had not made the password blunder.
The UK’s Information Commissioner’s Office (ICO) and the Office of the Privacy Commissioner of Canada (OPC) are now conducting a joint investigation into the security incident, hoping to determine its scope, assess the potential harm caused to individuals, and evaluate whether 23andMe had adequate safeguards in place to protect sensitive information.
There will also be a probe into whether 23andMe properly notified data regulators and affected users about the serious security breach. As previously discussed, the implications of a DNA data leak can be considerable.
“In the wrong hands, a person’s genetic data could be misused for surveillance or discrimination,” said Philippe Dufresne, Canada’s privacy commissioner.
23andMe has said it will co-operate with the investigation, but has continued to place the focus of blame on users who had reused login credentials.
In the wake of the breach, all 23andMe users were told to reset their passwords “out of caution,” reminded never to reuse their passwords, and encouraged to enable multi-factor authentication.
Since last October’s data breach, 23andMe has performed dismally as a company. In the wake of more than 30 lawsuits, the company which was once valued at $6 billion now has a share price worth pennies, and it risks being delisted from the Nasdaq stock exchange. Some have suggested that 23andMe’s precarious financial condition could mean it is in imminent danger of bankruptcy.
Which, in itself, raises an important question. 23andMe’s greatest asset is its DNA database. Who might end up buying that, and how much care will they take to ensure that the highly sensitive data is not mishandled or abused?