- cross-posted to:
- cybersecurity@zerobytes.monster
- cross-posted to:
- cybersecurity@zerobytes.monster
The data watchdogs of the UK and Canada will investigate genetic testing company 23andMe over a data breach in October 2023.
Hackers gained access to personal information of 6.9 million people, which in some cases included family trees, birth years and geographic locations, by using customers’ old passwords.
One of the things the joint taskforce will investigate is whether adequate safeguards had been put in place to protect such data. “We intend to cooperate with these regulators’ reasonable requests,” 23andMe said in a statement.
The data stolen in October did not include DNA records.
The company was not hacked itself - but rather criminals logged into about 14,000 individual accounts, or 0.1% of customers, by using email and password details previously exposed in other hacks.
Along with publicly-available birth and death data, that’s probably adequate to infer information about a lot of people who are not in the database.