June 11, 2024 at 09:33AM
The UK and Canada data protection watchdogs are collaborating to investigate the 23andMe data breach. The probe will assess any customer harm, safeguards in place, and transparency with regulators. The breach affected nearly 7 million individuals, with attackers targeting users’ genetic information. 23andMe’s delayed implementation of 2FA is also under scrutiny.
Key takeaways from the meeting notes:
– The UK Information Commissioner, John Edwards, and the Privacy Commissioner of Canada, Philippe Dufresne, are collaborating to investigate the 23andMe data breach that affected nearly 7 million individuals.
– The investigation will focus on determining if the breach caused harm to customers, whether appropriate safeguards were in place, and if the company was transparent with regulators.
– Concerns were raised about the international impact of the breach and the need for adequate protection of personal information.
– The cybercriminal, “Golem,” targeted 14,000 accounts but was able to access data from millions of users due to the wide-scale opting-in to the DNA Relatives feature.
– There was controversy over 23andMe’s response to the breach, with some criticizing the company for blaming customers’ poor security habits.
– Questions have been raised about the timing of implementing 2FA by 23andMe and how regulators will assess this in the investigation.
– The ICO and OPC stated that no further comments will be made about 23andMe until the investigation concludes.
– 23andMe has acknowledged the joint investigation and expressed their intention to cooperate with regulators.
These takeaways provide a concise overview of the key points discussed in the meeting notes.