Topics
Latest
AI
Amazon
Image Credits:Justin Sullivan / Getty Images
Apps
Biotech & Health
Climate
Image Credits:Justin Sullivan / Getty Images
Cloud Computing
Department of Commerce
Crypto
Enterprise
EVs
Fintech
Fundraising
Gadgets
back
Government & Policy
Hardware
layoff
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
Social
Space
startup
TikTok
Transportation
speculation
More from TechCrunch
Events
Startup Battlefield
StrictlyVC
Podcasts
picture
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
Privacy watchdog in the U.K. and Canada have launched a joint investigation into the data breach at 23andMe last twelvemonth .
On Monday , the U.K , ’s Information Commissioner ’s Office ( ICO ) and the Office of the Privacy Commissioner of Canada ( OPC)announced their investigationinto the genetic examination fellowship , say the organizations will leverage “ the combined resourcefulness and expertise of their two offices . ”
Last year , 23andMe disclosed a certificate incident thataffected the genetic and ancestry data of 6.9 million users , or roughly half of its overall user base . In its data breach observance , the company saidit did n’t detect the cyberpunk ’ activities for around five calendar month , from April until September 2023 . 23andMe say it only became aware of the score rift in October 2023 , whenhackers advertised the stolen dataon the unofficial 23andMe subreddit and a well - known hacking forum .
The stolen data point included the person ’s name , nativity yr , family relationship recording label , the portion of DNA shared with relation , ancestry reports , and ego - reported location .
Hackers break into around 14,000 accounting of 23andMe customers by reusing their passwords from premature breaches , a proficiency be intimate aspassword spraying . From those 14,000 account , the cyber-terrorist were able-bodied to scrape selective information on millions of other hoi polloi because of an opt - in feature called the DNA Relatives , which allowed drug user to automatically share some of their data with other the great unwashed who also had choose - in , with the goal of uncover far - away relatives . That ’s how the hackers were able-bodied to skin information on 6.9 million users by only hacking 14,000 account .
In a command , ICO Commissioner John Edwards was quoted as suppose that multitude “ involve to believe that any organisation deal their most sensitive personal information has the appropriate security and safeguard in place . ”
“ This data point breach had an international impact , and we see forward to collaborating with our Canadian counterparts to ensure the personal information of people in the U.K. is protect , ” said Edwards .
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
The joint U.K.-Canada investigation will look into the telescope of info exposed and the potential harm to the victim ; whether 23andMe “ had adequate safeguards ” to protect exploiter ’ sensitive data ; and whether 23andMe “ allow adequate notification ” to the ICO and the OPC .
23andMe spokesperson Andy Kill said in a affirmation that “ 23andMe receipt the joint investigation announced by the Privacy Commissioner of Canada and the UK Information Commissioner today . We specify to cooperate with these regulators ’ fair requests relating to the credential dressing onrush discovered in October 2023 . ”
UPDATE , June 10 , 12:53 p.m. ET : This story was updated to admit 23andMe ’s comment .
