UK regulators fine DNA tester 23andMe over data breach

LONDON: British regulators Tuesday fined US genealogy testing company 23andMe 2.31 million pounds ($3.1 million) for failure to protect client data from a 2023 cyberattack.

The fine from the UK’s Information Commissioner’s Office follows the data theft of 155,592 British residents, including their names, birthdates, photos and ethnic origins.

Some 7 million clients worldwide were affected by the attack, with some of their data later sold on the Reddit platform, ICO said in its statement.

The British regulator, following an investigation conducted along with the Canadian Privacy Commissioner, found that 23andMe’s security systems were inadequate, lacking measures such as multi-factor authentication, strong passwords, or unpredictable usernames.

EU countries back recycled plastic targets for cars

Some 320,000 Canadian residents were affected, but UK regulators lack the jurisdiction to impose fines on their behalf. The company says it has 15 million customers worldwide.

The California-based company, which is in bankruptcy proceedings and laid off 40 percent of its staff in March, is to be acquired by its founder, Anne Wojcicki, for $305 million.

23andMe sells mail-in saliva tests that allow users to determine their ancestry and various health-related genetic traits.