The UK’s Information Commissioner’s Office (ICO) will investigate 23andMe over its recent data breach. This means the data watchdog thinks the genetic testing company has questions to answer over how it handled its customer’s private data.
The investigation is good news for people who have joined a legal action against 23andMe, as it will help establish exactly what happened.
What do we know about the 23andMe data breach?
In October 2023, hackers accessed the accounts of around 14,000 23andMe customers.` Here’s what we know so far:
- The criminals used emails and passwords stolen in other breaches to login to the accounts of some 23andMe customers
- The security failure exposed a range of sensitive data
- 23andMe has a feature called ‘DNA Relatives’ that lets people share data with users they are related to. The hackers exploited this to access the data of around seven million people.
The ICO will work alongside its Canadian counterpart, the Office of the Privacy Commissioner of Canada (OPC). Together, they will look at:
- The scope of information that was exposed by the breach
- The potential harm to affected people
- Whether 23andMe had adequate safeguards to protect the highly sensitive information within its control
- Whether the company provided adequate notification about the breach to the two regulators and affected people as required under Canadian and UK data protection laws.
Are you affected by the 23andMe data hack?
Millions of people are affected by the 23andMe data breach, including many in the UK. However, while the joint investigation is welcome, even if found guilty, the ICO and OPC does not award compensation to data breach victims.
The only way to get justice and compensation for the hack is make a lawsuit against 23andMe – but you don’t have to do it alone. We’re helping victims of this cyberattack come together and fight as one by joining a group action claim.
Could you qualify to join a no-win, no-fee 23andMe group action claim?
Our simple eligibility checker provides instant clarity. Answer a few straightforward questions, and you’ll know if you could qualify for a 23andMe data breach group action claim.