{"id":91,"date":"2024-06-13T11:05:23","date_gmt":"2024-06-13T11:05:23","guid":{"rendered":"https:\/\/duosols.com\/?p=91"},"modified":"2024-06-13T11:09:01","modified_gmt":"2024-06-13T11:09:01","slug":"uk-and-canada-privacy-watchdogs-investigating-23andme-data-breach","status":"publish","type":"post","link":"https:\/\/duosols.com\/uk-and-canada-privacy-watchdogs-investigating-23andme-data-breach\/","title":{"rendered":"UK and Canada privacy watchdogs investigating 23andMe data breach"},"content":{"rendered":"<p>Privacy watchdogs in the U.K. and Canada have launched a joint investigation into the data breach at 23andMe last year.<\/p>\n<p>On Monday, the U.K,\u2019s Information Commissioner\u2019s Office (ICO) and the Office of the Privacy Commissioner of Canada (OPC) announced their investigation into the genetic testing company, saying the organizations will leverage \u201cthe combined resources and expertise of their two offices.\u201d<\/p>\n<p>Last year, 23andMe disclosed a security incident that affected the genetic and ancestry data of 6.9 million users, or roughly half of its overall user base. In its data breach notices, the company said it didn\u2019t detect the hackers\u2019 activities for around five months, from April until September 2023. 23andMe said it only became aware of the account breaches in October 2023, when hackers advertised the stolen data on the unofficial 23andMe subreddit and a well-known hacking forum.<\/p>\n<p>The stolen data included the person\u2019s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports, and self-reported location.<\/p>\n<p>Hackers broke into around 14,000 accounts of 23andMe customers by reusing their passwords from previous breaches, a technique known as password spraying. From those 14,000 accounts, the hackers were able to scrape information on millions of other people because of an opt-in feature called the DNA Relatives, which allowed users to automatically share some of their data with other people who also had opted-in, with the goal of uncovering far-away relatives. That\u2019s how the hackers were able to scrape information on 6.9 million users by only hacking 14,000 accounts.<\/p>\n<p>In a statement, ICO Commissioner John Edwards was quoted as saying that people \u201cneed to trust that any organisation handling their most sensitive personal information has the appropriate security and safeguards in place.\u201d<\/p>\n<p>\u201cThis data breach had an international impact, and we look forward to collaborating with our Canadian counterparts to ensure the personal information of people in the U.K. is protected,\u201d said Edwards.<\/p>\n<p>The joint U.K.-Canada investigation will look into the scope of information exposed and the potential harm to the victims; whether 23andMe \u201chad adequate safeguards\u201d to protect users\u2019 sensitive data; and whether 23andMe \u201cprovided adequate notification\u201d to the ICO and the OPC.<\/p>\n<p>23andMe spokesperson Andy Kill said in a statement that \u201c23andMe acknowledges the joint investigation announced by the Privacy Commissioner of Canada and the UK Information Commissioner today. We intend to cooperate with these regulators\u2019 reasonable requests relating to the credential stuffing attack discovered in October 2023.\u201d<\/p>\n<p><em><strong>UPDATE, June 10, 12:53 p.m. ET:<\/strong> This story was updated to include 23andMe\u2019s comment.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Privacy watchdogs in the U.K. and Canada have launched a joint investigation into the data breach at 23andMe last year. On Monday, the U.K,\u2019s Information Commissioner\u2019s Office (ICO) and the Office of the Privacy Commissioner of Canada (OPC) announced their investigation into the genetic testing company, saying the organizations will leverage \u201cthe combined resources and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":92,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","rank_math_lock_modified_date":false,"inline_featured_image":false,"footnotes":""},"categories":[6],"tags":[],"class_list":["post-91","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/duosols.com\/wp-json\/wp\/v2\/posts\/91","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/duosols.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/duosols.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/duosols.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/duosols.com\/wp-json\/wp\/v2\/comments?post=91"}],"version-history":[{"count":1,"href":"https:\/\/duosols.com\/wp-json\/wp\/v2\/posts\/91\/revisions"}],"predecessor-version":[{"id":93,"href":"https:\/\/duosols.com\/wp-json\/wp\/v2\/posts\/91\/revisions\/93"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/duosols.com\/wp-json\/wp\/v2\/media\/92"}],"wp:attachment":[{"href":"https:\/\/duosols.com\/wp-json\/wp\/v2\/media?parent=91"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/duosols.com\/wp-json\/wp\/v2\/categories?post=91"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/duosols.com\/wp-json\/wp\/v2\/tags?post=91"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}