Future Retirement Success
  • Politics
  • Business
  • Investing
  • Stocks
  • Politics
  • Business
  • Investing
  • Stocks

Future Retirement Success

Business

UK watchdog fines 23andMe for ‘profoundly damaging’ data breach

by June 18, 2025
June 18, 2025
UK watchdog fines 23andMe for ‘profoundly damaging’ data breach

The UK’s data protection regulator has fined genetic testing firm 23andMe £2.31 million following a large-scale data breach in 2023 that exposed the personal and sensitive health information of thousands of users, including over 155,000 UK residents.

The Information Commissioner’s Office (ICO) said on Monday that 23andMe had failed to implement basic security measures, leaving sensitive user information—including health reports, racial and ethnic identity, profile images, and family histories—vulnerable to cyberattack.

“This was a profoundly damaging breach that exposed sensitive personal information, family histories, and even health conditions,” said Information Commissioner John Edwards. “Their security systems were inadequate, the warning signs were there, and the company was slow to respond.”

The breach originated in October 2023, when hackers launched what’s known as a “credential stuffing” attack. Using usernames and passwords obtained from previous unrelated data leaks, attackers were able to access 14,000 individual 23andMe accounts. Crucially, because 23andMe links users to their genetic relatives, this gave attackers the ability to extract data on an estimated 6.9 million people connected through the platform.

Although DNA data was not compromised, the stolen information included special category data under UK law—such as ethnicity, health information and familial relationships—which requires stricter protection under GDPR due to its highly sensitive nature.

“As one of those impacted told us: once this information is out there, it cannot be changed or reissued like a password or credit card number,” Edwards said.

The ICO’s investigation, conducted in parallel with the Office of the Privacy Commissioner of Canada (OPC), found that 23andMe had breached UK data protection law by failing to implement multi-factor authentication (MFA), weak password policies, and insufficient controls over downloading raw genetic data.

The fine comes as 23andMe is undergoing bankruptcy proceedings and preparing to sell its assets. The company said last week it had agreed to a $305 million sale to the TTAM Research Institute, a non-profit biotechnology group led by co-founder and former CEO Anne Wojcicki. The deal is set to be reviewed by a bankruptcy court on Wednesday.

The sale replaces a previously proposed $256 million deal with Regeneron Pharmaceuticals. According to 23andMe, the higher-value TTAM deal includes binding commitments to enhance customer privacy and data protection—key concerns raised by regulators in both the UK and Canada.

Under the terms of the acquisition, the company said it would continue to allow users to delete their accounts, erase genetic data, and opt out of research participation.

In a statement, 23andMe said it had addressed the issues raised by the ICO and OPC by the end of 2024, implementing the recommended changes including additional security features.

Still, regulators remain cautious. Both watchdogs have called on the company to uphold ongoing privacy standardsduring and after the bankruptcy sale, particularly due to the sensitive nature of the data it holds.

The case represents a significant moment in the regulation of consumer-facing tech firms handling biometric and health-related data. While companies like 23andMe have gained popularity for their accessible genetic testing services, privacy advocates have long raised concerns about how such sensitive data is stored, shared, and monetised.

The ICO said it hoped the fine would send a message across the sector.

“This case highlights the need for robust authentication and verification processes,” Edwards added. “Organisations handling sensitive data must do more than the minimum to protect it.”

As data security standards tighten globally and consumer trust continues to falter in the wake of high-profile breaches, companies dealing in personal genomics may face increased scrutiny over how they manage the intersection of science, commerce, and privacy.

Read more:
UK watchdog fines 23andMe for ‘profoundly damaging’ data breach

0
FacebookTwitterGoogle +Pinterest
previous post
Biden-appointed judge blocks Trump’s move to only allow two genders on US passports
next post
Reviews show Tories wasted billions of pounds on HS2, transport secretary to say

You may also like

SMEs are at risk of losing a David...

March 30, 2023

Rishi Sunak reshuffle’s cabinet with Cleverly replacing Braverman...

November 13, 2023

How Shakira Millar Built a Compassion-Driven ABA Practice

November 9, 2024

High Street closures set to surge in 2025...

January 2, 2025

JoJo Maman Bébé launch ‘Helping Hands’ Community Grants...

July 18, 2023

Secrets of Success: Jamie Shaw, CEO, Shawton Energy

October 9, 2024

How to Understand Market Cycles in Cryptocurrency

March 26, 2025

Redefining Women’s Health: A Candid Q&A with Dr....

February 12, 2025

Virgin hails green light to challenge Eurostar as...

April 1, 2025

Rolls-Royce and Bentley accelerate over the past 12...

January 10, 2023

    Get free access to all of the retirement secrets and income strategies from our experts! or Join The Exclusive Subscription Today And Get the Premium Articles Acess for Free

    By opting in you agree to receive emails from us and our affiliates. Your information is secure and your privacy is protected.

    Recent Posts

    • TikToker knocks Harris’ ‘weird’ take on never released interview: ‘Not good’

      July 8, 2025
    • ‘Who wouldn’t want it?’: Netanyahu open to receiving stealth bombers, bunker-busters from US

      July 8, 2025
    • Iran says it can strike the US and Israel for two years. Does it really have that power?

      July 8, 2025
    • New book reveals what top ex-Biden aide was thinking during disastrous debate

      July 8, 2025
    • TSA expected to end shoes-off policy at many airports across US

      July 8, 2025
    • Trump administration moves decisively to block China from ‘weaponizing’ American farmland

      July 8, 2025

    Categories

    • Business (8,421)
    • Investing (2,106)
    • Politics (15,974)
    • Stocks (3,193)
    • About us
    • Privacy Policy
    • Terms & Conditions

    Disclaimer: futureretirementsuccess.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

    Copyright © 2025 futureretirementsuccess.com | All Rights Reserved