1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • UK and Canada governments launch full investigation into 23andMe

    From TechnologyDaily@1337:1/100 to All on Tue Jun 11 13:00:06 2024
    UK and Canada governments launch full investigation into 23andMe mega breach

    Date:
    Tue, 11 Jun 2024 12:57:05 +0000

    Description:
    DNA firm lost sensitive data on millions of customers in 2023, and later blamed users for the fiasco.

    FULL STORY ======================================================================

    Data watchdogs in the UK and Canada are now jointly investigating the data breach that hit 23andMe in October 2023.

    The incident saw a threat actor post 13 million pieces of 23andMe data for sale on the dark web, including peoples origin estimation, phenotype and health information, photos and identification data, raw data, and some other account information.

    The leak reportedly contained one million lines of data for Ashkenazi people, as well as more than 300,000 users of Chinese descent, with 4.1 million
    people living in the UK also compromised. Since this type of data doesnt change over time, it is relevant to threat actors whenever they obtain it,
    and can be used in identity theft , phishing attacks, and more. Customer negligence?

    Now, the UK's Information Commissioners Office (ICO), and the Office of the Privacy Commissioner of Canada (OPC), have partnered to lead an investigation into the incident.

    People need to trust that any organization handling their most sensitive personal information has the appropriate security and safeguards in place, commented John Edwards, UK Information Commissioner.

    This data breach had an international impact, and we look forward to collaborating with our Canadian counterparts to ensure the personal information of people in the UK is protected.

    The two organizations will examine the scope of information that was exposed, and potential harm to affected people, as well as whether 23andMe had
    adequate safeguards in place. It will also investigate if the company
    notified affected individuals properly, as required by Canadian and UK data protection laws.

    In January 2024, 23andMe blamed its customers for the data breach , telling a group of victims they negligently recycled and failed to update their passwords following past security incidents unrelated to 23andMe."

    Therefore, the incident was not a result of 23andMes alleged failure to maintain reasonable security measures, the letter read. More from TechRadar Pro Damaging Microsoft VS Code extensions could cause major damage for millions of users Here's a list of the best firewalls today These are the
    best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/uk-and-canada-governments-launch-full-i nvestigation-into-23andme-mega-breach


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)