UK Watchdogs Fine 23andMe $3.1M for Data Security Violations
UK regulators on Tuesday fined 23andMe 2.31 million pounds ($3.1 million) for data privacy violations stemming from the company's massive data breach in 2023.
The Information Commissioner's Office says the genetic testing company, which has since filed for Chapter 11 bankruptcy protection in the US, failed to put in place "appropriate" security measures to protect the personal information of its UK users, compromising that data in the breach. The UK fine comes after a joint investigation by the ICO and Canada's Office of the Privacy Commissioner.
In a statement, UK Information Commissioner John Edwards called the breach "profoundly damaging," noting that it exposed sensitive personal information, including the family histories and health conditions of thousands of people in the UK.
"Their security systems were inadequate," Edwards said. "The warning signs were there, and the company was slow to respond. This left people's most sensitive data vulnerable to exploitation and harm."
In 2023, cybercriminals breached 23andMe's systems by using a "credential-stuffing attack," which involves bombarding online accounts with huge sets of user names and passwords stolen in previous unrelated attacks. Over a period of months, the intruders were able to make off with the personal data of more than 6.9 million people, including about 155,000 UK residents.
The ICO said Tuesday that at the time of the breach, 23andMe didn't require additional verification, like a biometric indicator or a code sent to their phone, to access user accounts, which violates UK law. The company has since changed its practices to turn on two-factor authentication by default.
Mounting costs related to the breach, along with fading demand for its services, were key factors in 23andMe's decision to file for bankruptcy protection earlier this year. The move also caused tech and legal experts to wonder about the future security and privacy of the company's vast collection of consumer genetic samples and personal data.
A bid from Regeneron Pharmaceuticals to buy most of the company's assets for $256 million was met with criticism, but that company was ultimately outbid last week by the TTAM Research Institute, a nonprofit led by Anne Wojcicki, 23andMe's cofounder and former CEO. That deal remains subject to final court approval and customary closing conditions.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Associated Press
29 minutes ago
- Associated Press
GET.cruises launches to help travellers find unbiased cruise deals
Ipswich, UK - A new cruise comparison website, has launched in the UK, aiming to provide consumers with a more transparent and impartial way to compare cruise prices. The launch comes at a time of rapid growth for the cruise industry. According to the Cruise Lines International Association, cruise passenger numbers will hit 37 million in 2025, up from 31.7 million in 2023. As demand grows, so does the need for transparent, user-friendly tools to navigate the market. aggregates live pricing and availability data from a wide range of UK travel agents, allowing users to compare fares for the same cruise itinerary in one place. The platform is positioned as an independent alternative to existing booking sites that may prioritise affiliated partners or promoted listings. 'Our focus is on giving people the information they need to make confident, money-saving decisions', said founder Miles Cooke. 'Cruising is an amazing way to travel, but the pricing can be confusing and inconsistent. clears that up by showing the whole picture - not just what one company wants you to see.' Key features: Beyond its transparent pricing model, distinguishes itself with a streamlined, user-friendly interface designed for speed and simplicity. The platform enables swift filtering and clear comparisons, offering fast, clutter-free results across both desktop and mobile devices. For seasoned cruisers or those planning their very first voyage, presents a straightforward alternative to the complexity often found on traditional travel websites. Explore the platform at: About is the UK's newest cruise price comparison website. Our mission is to become the UK's go-to website for cruise comparison by providing a reliable, transparent, and easy-to-use service that empowers travellers to find the best cruise deal every time. Media Kit: Media Contact Company Name: Contact Person: Miles Cooke Email: Send Email Phone: 07922946096 Address:Phyora Limited, Alpha 6, Masterlord Office Village, Ransomes Europark City: Ipswich, IP3 9SX State: GB Country: United Kingdom Website: Source: PR Company
Associated Press
29 minutes ago
- Associated Press
99% of Fortune-1000 Companies Lack Quantum Cybersecurity Programs as Computing Threats Accelerate
Miami, FL June 17, 2025 --( )-- Qryptonic survey of 147 CISOs reveals critical readiness gaps; JPMorgan Chase and HSBC case studies demonstrate successful quantum-secure implementations. Only 1% of Fortune-1000 companies have established funded, board-mandated quantum cybersecurity programs, according to new research from Qryptonic Research LLC. The finding comes as quantum computing advances rapidly, with recent hardware breakthroughs significantly shortening the timeline for potential encryption vulnerabilities. The survey, conducted in May 2025 with 147 Chief Information Security Officers from Fortune-1000 enterprises, found that while 74% of companies are conducting assessments or limited pilots, 25% have no quantum migration plan at all. The research highlights a dangerous gap between the accelerating pace of quantum development and enterprise preparedness. Quantum Computing Milestones Compress Timeline Recent quantum computing achievements underscore the urgency: IBM demonstrated its 'Condor' system with 1,121 qubits (December 2023) Google's 'Willow' achieved 105 error-corrected qubits, bringing RSA encryption vulnerability within a decade (December 2024) IonQ's $1.08 billion merger with Oxford Ionics targets fault-tolerant processors by 2029 (June 2025) 'The quantum computing landscape has transformed from theoretical risk to imminent business challenge,' said Jessica Gold, Head of Marketing and PR at Qryptonic. 'Organizations collecting encrypted data today face the real possibility of that data being decrypted by quantum computers tomorrow.' Industry Disparities in Quantum Readiness The research reveals significant variations across sectors: Leading adoption: Financial services (40%), government agencies (35%), and critical infrastructure Lagging sectors: Manufacturing (10%), retail (15%), and logistics This disparity is corroborated by independent research from Deloitte (November 2024) showing only 30% of organizations taking meaningful action, despite 52% assessing their exposure. Proven Implementation Paths Major financial institutions are demonstrating successful quantum-secure implementations: JPMorgan Chase deployed a Quantum-Secured Crypto-Agile Network (Q-CAN) across three U.S. data centers, achieving: 100 Gbps hybrid TLS implementation using X25519 + Kyber-768 45-day pilot with minimal latency impact (+6 ms) $30 million in new assets under management from quantum-aware clients HSBC successfully secured tokenized digital bonds using post-quantum cryptography: Achieved 1,000 transactions per second using Dilithium signatures Received FCA regulatory sandbox approval Completed first fully PQC-secured digital bond issuance in the EU Federal Investment Underscores Urgency The U.S. government has allocated $7.1 billion for federal quantum cryptography migration from fiscal year 2025-2035, with the Quantum Computing Cybersecurity Preparedness Act mandating full cryptographic inventories by 2027. 'Organizations must prepare now. The transition journey will be lengthy and demands global cooperation,' noted Matt Scholl, Chief of NIST's Computer Security Division, in 2024 guidance that led to NIST's finalization of post-quantum cryptography standards including CRYSTALS-Kyber and CRYSTALS-Dilithium. Qryptonic Offers Rapid Assessment Solution To address the critical need for quantum risk assessment, Qryptonic has developed Q-Scout™, a comprehensive cryptographic inventory service that identifies quantum vulnerabilities in seven days. The service provides: Complete cryptographic inventory from cloud to operational technology Risk-weighted scorecard aligned with NIST and ENISA standards Board-ready 12-month migration blueprint Typical identification of $3-5 million in quick-win cost savings 'You can't mitigate what you don't measure,' said Jason Nathaniel Ader, Co-Founder and Chief Innovation Officer at Qryptonic and author of The Quantum Almanac 2025-2026. 'With 99% of Fortune-1000 companies unprepared for quantum threats, immediate action is crucial for maintaining competitive advantage and ensuring long-term security.' About the Research The Qryptonic Quantum-Risk Survey was conducted in May 2025, interviewing 147 Fortune-1000 CISOs across multiple sectors through anonymous questionnaires with follow-up validation. The full research report and methodology are available at About Qryptonic Qryptonic: Post-Quantum Ready — Permanently. Qryptonic is the global leader in enterprise post-quantum security advisory, providing vendor-neutral cryptographic risk solutions for financial institutions, governments, and high-risk industries. We help organizations achieve permanent cryptographic resilience before Q-Day 2028, and keep them protected against Harvest Now, Decrypt Later attacks. Qryptonic Research LLC is a division of Qryptonic, LLC, dedicated to advancing quantum cybersecurity research and developing actionable insights for enterprise quantum readiness. Access Q-Scout™ Quantum Risk Assessment Organizations can rapidly assess their quantum vulnerability exposure with Q-Scout™, Qryptonic's NIST-aligned cryptographic inventory service backed by a $1 million guarantee. The comprehensive assessment is delivered in just seven days. For more information or to initiate your quantum risk assessment, visit or contact our enterprise team at (888) 2-QRYPTONIC. Media Contact Jessica Gold Head of Marketing and PR Qryptonic, LLC Secure Your Enterprise for the Quantum Era Offices: New York, NY | Miami, FL | Be'er Sheva, Israel Email: [email protected] Phone: +1 (888) 2-QRYPTONIC Contact Information: Qryptonic, LLC Jessica Gold 954-694-2300 Contact via Email Read the full story here: 99% of Fortune-1000 Companies Lack Quantum Cybersecurity Programs as Computing Threats Accelerate Press Release Distributed by
Associated Press
29 minutes ago
- Associated Press
SIMS Software Earns CMMC Level 2 Certification
SIMS Software announces CMMC 2.0 Level 2 Certification for SIMS Cloud 4.0, a certified cloud solution offering secure and compliant hosting for the national security community. CARLSBAD, CALIFORNIA / ACCESS Newswire / June 17, 2025 / SIMS Software, the preeminent provider of security information management solutions, announced that their SIMS Cloud 4.0 offering has been awarded CMMC Level 2 certification meeting all 110 controls, with zero requirements for Plans of Action and Milestones (POA&Ms), reinforcing its position as the leader in providing secure, compliant solutions for the national security Software's Certificate of CMMC Status The Department of Defense program known as Cybersecurity Maturity Model Certification (CMMC) went into effect December 16, 2024, and requires a third-party assessment to ensure contractors are applying cybersecurity best practices for those handling sensitive unclassified information. SIMS Cloud 4.0 achieving Level 2 certification enables SIMS Software's customers to comply with the DoD requirements to securely manage their sensitive and Controlled Unclassified Information (CUI). 'This certification represents a major milestone in our ongoing commitment to helping cleared industry and government clients stay ahead of evolving compliance mandates and reflects our ongoing investment in securing the critical systems and data our customers rely on,' said Michael Struttmann, CEO at SIMS Software. 'SIMS Cloud 4.0 offers our customers a secure, scalable, and fully managed cloud hosted solution that's purpose-built for the complexity of classified operations-now with the confidence of CMMC Level 2 certification.' SIMS Software's achievement has been the result of the company's preparation over many years to build a rigorous security framework that led to a flawless assessment. Based on publicly available data from the CMMC ecosystem, SIMS Software is among the first 1% of approximately 76,000 cleared contractors to achieve CMMC 2.0 Level 2 certification, reflecting their early and proactive approach to cybersecurity compliance. As defense contractors and security professionals prepare for CMMC enforcement and increasing cybersecurity demands, SIMS Cloud 4.0 provides a compliant path forward, with subscription-based flexibility and rapid deployment, allowing organizations to modernize real-time data management needs without sacrificing resources and mission integrity. About SIMS Software For over 40 years, SIMS Software has been the preeminent software solution provider in digitizing and modernizing security information systems for the most demanding and at-risk customer sets. SIMS provides one fully integrated solution that harmonizes all security disciplines through modules that cover personnel security, classified asset tracking, insider threat detection, and facility access control. SIMS addresses massive gaps in security information management to streamline the orchestration of critical data and risk mitigation across one security domain. To learn more about SIMS Cloud 4.0, visit Contact InformationTrina Thayne Chief Marketing Officer 18584819292 SOURCE: SIMS Software press release
