23andMe, the California-based firm which sells DNA testing kits to assist folks find out about their ancestry and potential well being dangers, is dealing with scrutiny from British and Canadian knowledge safety authorities following a safety breach that noticed hackers compromise the private knowledge of practically seven million customers.
As we’ve got beforehand reported, hackers printed the information about tens of millions of 23andMe customers on a cybercrime discussion board in October 2023, exposing customers’ full names, profile images, dates of delivery, intercourse, geographic location, and genetic ancestry particulars.
Hackers had been in a position to break into the accounts of customers in a credential-stuffing assault that took benefit of these customers who had made the error of utilizing the identical password on 23andMe that they’d used on different websites.
Nonetheless, the safety breach was made a lot worse when the hackers used a 23andMe characteristic known as “DNA Kinfolk” to scrape the main points of different 23andMe customers who had not made the password blunder.
The UK’s Info Commissioner’s Workplace (ICO) and the Workplace of the Privateness Commissioner of Canada (OPC) are actually conducting a joint investigation into the safety incident, hoping to find out its scope, assess the potential hurt induced to people, and consider if 23andMe had enough safeguards in place to guard delicate info.
There can even be a probe into whether or not 23andMe correctly notified knowledge regulators and affected customers concerning the severe safety breach. As beforehand mentioned, the implications of a DNA knowledge leak may be appreciable.
“Within the incorrect arms, a person’s genetic info may very well be misused for surveillance or discrimination,” stated Philippe Dufresne, Canada’s privateness commissioner.
23andMe has stated it can co-operate with the investigation, however has continued to place the main target of blame on customers who had reused login credentials.
Within the wake of the breach, all 23andMe customers had been advised to reset their passwords “out of warning,” reminded to by no means reuse their passwords, and inspired to allow multi-factor authentication.
Since final October’s knowledge breach, 23andMe has carried out dismally as an organization. Within the wake of greater than 30 lawsuits, the corporate which was once valued at $6 billion now has a share value price pennies, and it dangers being delisted from the Nasdaq inventory trade. Some have instructed that 23andMe’s precarious monetary situation might imply it’s imminent hazard of chapter.
Which, in itself, raises an necessary query. 23andMe’s biggest asset is its DNA database. Who would possibly find yourself shopping for that, and the way a lot care will they take to make sure that the extremely delicate knowledge is just not mishandled or abused?
