Tue, 17 Jun 2025
The fine comes as the DNA testing firm, which filed for bankruptcy in March, is set to be sold to a new owner.
* DNA testing firm 23andMe has been fined £2.31m by the UK's Information Commissioner's Office (ICO) over a data breach in October 2023.
* The breach affected thousands of people, with hackers gaining access to 14,000 individual accounts and downloading information about 6.9m people linked to those accounts.
* The breach exposed sensitive personal information, including names, year of birth, geographical information, profile images, race, ethnicity, health reports, and family trees.
* However, stolen data did not include DNA records.
* The ICO investigation found that 23andMe breached UK data protection law by not having adequate measures in place to secure user data.
* The company failed to have mandatory multi-factor authentication, secure password requirements, and additional verification requirements for users trying to download raw genetic data.
* The breach was described as "profoundly damaging" and left people's most sensitive data vulnerable to exploitation and harm.
* 23andMe has since filed for bankruptcy and is set to be sold to a new owner, TTAM Research Institute, which has made commitments to enhance protections for customer data and privacy.
>>
Terms of Use | Privacy Policy | Manage Cookies+ | Ad Choices | Accessibility & CC | About | Newsletters | Transcripts
Business News Top © 2024-2025