23andMe, the California-based firm which sells DNA testing kits to help people learn about their ancestry and potential health risks, is facing scrutiny from British and Canadian data protection authorities following a security breach that saw hackers compromise the personal data of nearly seven million users.
As we have previously reported, hackers published the data of millions of 23andMe users on a cybercrime forum in October 2023, exposing users’ full names, profile pictures, dates of birth, sex, geographic location, and genetic ancestry details.
Hackers were able to break into users’ accounts in a credential-stuffing attack that took advantage of those users who had made the mistake of using the same password on 23andMe that they had used on other sites.
However, the security breach was made much worse when the hackers used a 23andMe feature called “DNA Relatives” to scrape the details of other 23andMe users who had not made the password blunder.
The UK’s Information Commissioner’s Office (ICO) and the Office of the Privacy Commissioner of Canada (OPC) are now conducting a joint investigation into the security incident, hoping to determine its scope, assess the potential harm caused to individuals, and evaluate whether 23andMe had adequate safeguards in place to protect sensitive information.
There will also be a probe into whether 23andMe properly notified data regulators and affected users about the serious security breach. As previously discussed, the implications of a DNA data leak can be considerable.
“In the wrong hands, a person’s genetic information could be misused for surveillance or discrimination,” said Philippe Dufresne, Canada’s privacy commissioner.
23andMe has said it will co-operate with the investigation, but has continued to place the focus of blame on users who had reused login credentials.
In the wake of the breach, all 23andMe users were told to reset their passwords “out of caution,” reminded to never reuse their passwords, and encouraged to enable multi-factor authentication.
Since last October’s data breach, 23andMe has performed dismally as a company. In the wake of more than 30 lawsuits, the company which was once valued at $6 billion now has a share price worth pennies, and it risks being delisted from the Nasdaq stock exchange. Some have suggested that 23andMe’s precarious financial condition could mean it is in imminent danger of bankruptcy.
Which, in itself, raises an important question. 23andMe’s greatest asset is its DNA database. Who might end up buying that, and how much care will they take to ensure that the highly sensitive data isn’t mishandled or abused?