UK, Canada Launch Joint Investigation Into 23andMe Breach in 2023—Here's Why It Still Matters

By Giuliano De Leon

Jun 10, 2024 01:31 PM EDT

The UK and Canada launched a new joint investigation into the 2023 23andMe data breach.

This was announced by the UK Information Commissioner's Office (ICO) and the Office of Privacy Commissioner of Canada (OPC), the two leading authorities in data protection. But why are these watchdogs still involved in this cyberattack? Here's what they explained .

UK, Canada Launch Joint Investigation Into 23andMe Breach in 2023—Here's Why It Still Matters
A sign is posted in front of the 23andMe headquarters on February 01, 2024 in Sunnyvale, California. Genetic testing company 23andMe, once valued at $6 billion, is facing the possibility of delisting from NASDAQ as the company navigates numerous class action lawsuits.
(Photo : Justin Sullivan/Getty Images)

UK, Canada Launch Joint Investigation Into 23andMe Breach in 2023

According to TechCrunch's latest report, the Canadian and British watchdogs announced their joint investigation on Monday, June 10. To ensure the success of their probe, U.K Information Commissioner John Edwards and Privacy Commissioner of Canada Philippe Dufresne said they'd leverage their offices' expertise and resources.

They explained that the cyberattack should be investigated since 23andM3 is a custodian of sensitive personal details. For those unaware, the direct-to-consumer genetic testing service handles genetic information, which doesn't change over time.

The data breach, which happened from April until September 2023, affected the ancestry and genetic information of more than 6 million users. Even worse, the data breach wasn't discovered until October 2023, according to 23andMe

Related Article: Ticketmaster Suffers From Massive Data Breach Amid DOJ Lawsuit 

What UK-Canada Joint Investigation Aims To Do

In the official press release of ICO, the two watchdogs said that the new joint probe reflects their commitment to collaborate on ensuring people's fundamental right to privacy across jurisdictions.

During their investigation, ICO and OPC will do the following:

  • Check if 23andMe provided adequate notification about the Breach to the two regulators and the users affected, as required under the U.K. and Canadian data protection laws.
  • Identify if the company had sufficient safeguards to protect the sensitive user details it handles.
  • Check the scope of the exposed information during the cybersecurity attack.

"People need to trust that any organization handling their most sensitive personal information has the appropriate security and safeguards in place," explained Edwards.

He added that the 23andMe data breach matters since it had an international impact. Edwards further stated that they look forward to collaborating with their Canadian counterparts.

This will allow them to protect British people's information from such data breaches.

Read Also: Genetic Testing Company 23andMe Is Facing More Than 30 Lawsuits: Here's What to Know 

© 2024 VCPOST, All rights reserved. Do not reproduce without permission.

Join the Conversation

Real Time Analytics