The information watchdogs of the UK and Canada will examine genetic testing firm 23andMe over a knowledge breach in October 2023.
Hackers gained entry to non-public data of 6.9 million folks, which in some instances included household bushes, start years and geographic places, by utilizing clients’ outdated passwords.
One of many issues the joint taskforce will examine is whether or not sufficient safeguards had been put in place to guard such information.
“We intend to cooperate with these regulators’ affordable requests,” 23andMe mentioned in a press release.
The information stolen in October didn’t embrace DNA data.
23andMe is a huge of the rising ancestor-tracing business, providing genetic testing from DNA, with ancestry breakdown and personalised well being insights.
The corporate was not hacked itself – however slightly criminals logged into about 14,000 particular person accounts, or 0.1% of shoppers, by utilizing electronic mail and password particulars beforehand uncovered in different hacks.
The criminals downloaded not simply the info from these accounts however the non-public data of all different customers that they had hyperlinks to throughout the household bushes on the web site.
On the time, 23andMe mentioned it knowledgeable affected clients and made them change their passwords and replace account safety.
In keeping with the UK Data Commissioner’s Workplace (ICO), the info saved by 23andMe “can reveal details about a person and their members of the family, together with about their well being, ethnicity, and organic relationships”.
It mentioned this implies it’s “important” for the general public to belief the service.
The joint investigation between the info watchdogs will have a look at the dimensions of the hack and its potential hurt to customers in addition to whether or not sufficient safeguards have been in place.
It can additionally look into how 23andMe reported the breach, and if the agency adopted the proper processes within the UK and Canada.
“Within the improper fingers, a person’s genetic data might be misused for surveillance or discrimination,” mentioned Canada privateness commissioner Philippe Dufresene.