23andMe Genetics Testing Company Under Investigation for Data Breach | Global News
A collaboration between UK and Canadian regulatory bodies has been initiated to investigate a data breach at a DNA testing company.
The Information Commissioner’s Office (ICO) and the Office of the Privacy Commissioner of Canada (OPC) jointly announced the investigation into the October 2023 incident.
23andMe, a genetics company based in the US, analyzes DNA samples collected from its customers through at-home saliva kits to provide insights into factors such as health and ancestry.
Since 2006, the company claims to have sold over 12 million DNA testing kits, as stated on its website.
The UK and Canadian data protection regulators mentioned that they will pool their expertise and resources for the investigation.
The investigation will look into the extent of information exposed in the breach and potential risks to those affected. It will also assess the effectiveness of 23andMe’s security measures in protecting the data under its control and evaluate if the company adequately notified the two regulators and affected individuals about the breach.
The ICO expressed, “23andMe holds highly sensitive personal information, including unchanging genetic data that can reveal details about an individual’s health, ethnicity, and biological relationships.
“This underscores the importance of public trust in these services.”
Read more from Sky News:
TV presenter and conservationist Simon Cowell dies
Football club axes entire female section
The UK’s Information Commissioner, John Edwards, stated: “Individuals must trust that any organization handling their most sensitive personal information has the necessary security measures and safeguards in place.
“This data breach had global repercussions, and we are committed to working with our Canadian counterparts to safeguard the personal information of individuals in the UK.”
The Privacy Commissioner of Canada, Philippe Dufresne, warned that “In the wrong hands, an individual’s genetic information could be misused for surveillance or discrimination.”
23andMe pledged to collaborate with the regulators and address the concerns related to the credential stuffing attack discovered in October 2023.