Investigation launched into genetic testing company 23andMe following security breach
A collaborative investigation into a data breach at a DNA testing company has been initiated by regulatory authorities in the UK and Canada.
The Information Commissioner’s Office (ICO) and the Office of the Privacy Commissioner of Canada (OPC) jointly announced the probe into the incident that occurred in October 2023.
Based in the US, genetics company 23andMe specializes in analyzing customers’ DNA using home saliva collection kits to provide insights on health and ancestry.
Since 2006, the company claims to have sold over 12 million DNA testing kits, as per its website.
The data protection regulators from the UK and Canada stated that they will pool their expertise and resources to conduct a thorough investigation together.
The inquiry will focus on the extent of information exposed in the breach and the potential risks to those affected.
Additionally, the investigators will examine the effectiveness of 23andMe’s security measures to safeguard the data under its control, as well as assess whether the company adequately notified the two regulators and affected individuals about the breach.
The ICO emphasized the sensitivity of the personal information handled by 23andMe, which includes unchanging genetic data that can reveal details about an individual’s health, ethnicity, and biological relationships.
“This underscores the importance of public trust in such services,” the ICO stated.
Read more from Sky News:
TV presenter and conservationist Simon Cowell dies
Football club axes entire female section
The UK’s information commissioner, John Edwards, emphasized the need for organizations handling sensitive personal information to have appropriate security measures in place to gain trust from individuals.
He also stated, “This data breach had international repercussions, and we are committed to collaborating with our Canadian counterparts to ensure the protection of personal information of individuals in the UK.”
Stay updated on all the latest news from the UK and around the world by following Sky News
The Privacy Commissioner of Canada, Philippe Dufresne, warned about the misuse of an individual’s genetic data in the wrong hands, highlighting the potential risks of surveillance or discrimination.
In their response, 23andMe stated, “We are willing to cooperate with the regulators’ requests relating to the credential stuffing attack discovered in October 2023.”
