Core Points

- The U.K.'s Information Commissioner's Office (ICO) and the Office of the Privacy Commissioner of Canada (OPC) are investigating 23andMe due to a significant data breach that had international implications [1][7]
- The breach involved hackers accessing around 14,000 customer accounts, which allowed them to scrape data on approximately 6.9 million users due to an opt-in feature called DNA Relatives [2][3]
- The investigation will assess the extent of the exposed information, the adequacy of 23andMe's data protection measures, and whether the company provided sufficient notification to the relevant authorities [4]

Data Breach Details

- Last year, 23andMe reported a security incident affecting the genetic and ancestry data of 6.9 million users, which is about half of its total user base [3]
- The company was unaware of the breach for around five months, from April to September 2023, and only learned of it in October 2023 when the stolen data was advertised online [3]
- The compromised data included personal information such as names, birth years, relationship labels, DNA sharing percentages, ancestry reports, and self-reported locations [6]

Regulatory Response

- The joint investigation by the ICO and OPC aims to ensure that organizations handling sensitive personal information have appropriate security measures in place [8]
- ICO Commissioner John Edwards emphasized the need for public trust in organizations managing sensitive data [8]

UK and Canada privacy watchdogs investigating 23andMe data breach