The info watchdogs of the UK and Canada will examine genetic testing firm 23andMe over an information breach in October 2023.
Hackers gained entry to non-public info of 6.9 million folks, which in some circumstances included household timber, delivery years and geographic places, by utilizing clients’ outdated passwords.
One of many issues the joint taskforce will examine is whether or not sufficient safeguards had been put in place to guard such information.
“We intend to cooperate with these regulators’ affordable requests,” 23andMe mentioned in an announcement.
The info stolen in October didn’t embrace DNA data.
23andMe is a huge of the rising ancestor-tracing business, providing genetic testing from DNA, with ancestry breakdown and personalised well being insights.
The corporate was not hacked itself – however somewhat criminals logged into about 14,000 particular person accounts, or 0.1% of shoppers, by utilizing e-mail and password particulars beforehand uncovered in different hacks.
The criminals downloaded not simply the info from these accounts however the personal info of all different customers they’d hyperlinks to throughout the household timber on the web site.
On the time, 23andMe mentioned it knowledgeable affected clients and made them change their passwords and replace account safety.
Based on the UK Info Commissioner’s Workplace (ICO), the info saved by 23andMe “can reveal details about a person and their members of the family, together with about their well being, ethnicity, and organic relationships”.
It mentioned this implies it’s “important” for the general public to belief the service.
The joint investigation between the info watchdogs will take a look at the dimensions of the hack and its potential hurt to customers in addition to whether or not sufficient safeguards had been in place.
It would additionally look into how 23andMe reported the breach, and if the agency adopted the proper processes within the UK and Canada.
“Within the fallacious fingers, a person’s genetic info may very well be misused for surveillance or discrimination,” mentioned Canada privateness commissioner Philippe Dufresene.