Canada launches 23andMe investigation following data breach

As the world’s pre-eminent DNA test kit company struggles to stay afloat, a new probe into a recent data breach could further complicate its comeback.

What happened: Privacy watchdogs in Canada and the UK have teamed up to launch a joint investigation into a 2023 data breach that compromised the genetic and ancestry data of 6.9 million 23andMe users, an issue the company tried to pin on weak user passwords.

  • The company only realized it had been hacked after the stolen data was advertised on a 23andMe Reddit page, five months after hackers first gained access to the data.
  • Investigators will look into whether 23andMe appropriately safeguarded its data and reported the hack, and what the potential damage to victims might be.

Why it matters: Sensitive data could be “misused for surveillance or discrimination,” according to Canada’s privacy commissioner. When hackers initially posted the data for sale, they claimed that it contained a million data points exclusively about users with Ashkenazi Jewish heritage.

Bottom line: From location data and credit cards to genetic information and purchase history, companies hold a lot of data on their customers. As cyberattacks become increasingly common, companies have to step up their safeguards.


Get smarter about what matters. Sign up for The Peak, a free five-minute daily email on Canadian business, tech, and finance that you’ll actually enjoy reading.

Source