DNA testing firm 23andMe fined £2.31m for ‘serious security failings'
Genetic testing firm 23andMe has been fined £2.31 million by the UK's data protection watchdog for 'serious security failings' after personal information of more than 155,000 UK users was accessed in a major cyber attack.
The Information Commissioner's Office (ICO) said the DNA testing kit firm, which filed for bankruptcy in the US in March, failed to properly protect UK user data and also responded inadequately to the hack in 2023.
The penalty follows a joint investigation between the ICO and the Office of the Privacy Commissioner of Canada.
The attack, which took place between April and September 2023, saw personal information of 155,592 UK residents accessed by the hacker, potentially revealing names, birth years, some addresses, profile images, race, ethnicity, family trees and health reports.
Between April and September 2023, a hacker carried out a credential stuffing attack gaining access to this sensitive information.
Learn all the details about our joint investigation on our website: https://t.co/4bYXHnkY5F pic.twitter.com/hFlXfdG1lA
— ICO – Information Commissioner's Office (@ICOnews) June 17, 2025
The ICO said its investigation found 23andMe did not have extra verification steps for users to access and download their raw genetic data, while it also failed to have adequate authentication and verification measures in place, such as mandatory multi-factor authentication, secure password protocols or unpredictable usernames.
The firm also did not have effective systems in place to monitor, detect or respond to cyber threats targeting its customers' sensitive information.
Information Commissioner John Edwards said: 'This was a profoundly damaging breach that exposed sensitive personal information, family histories and even health conditions of thousands of people in the UK.
'As one of those impacted told us: once this information is out there, it cannot be changed or reissued like a password or credit card number.
'23andMe failed to take basic steps to protect this information.
'Their security systems were inadequate, the warning signs were there, and the company was slow to respond.
'This left people's most sensitive data vulnerable to exploitation and harm.'
The fine comes as the firm's former chief executive, Anne Wojcicki, looks set to regain control of 23andMe after outbidding rival suitor, Regeneron Pharmaceuticals.
A 305 million US dollar (£226 million) bid from a non-profit firm she controls topped a rival 256 million dollar (£190 million) offer from Regeneron Pharmaceuticals in a bankruptcy auction.
The deal is expected to close in the coming weeks.
The ICO said 23andMe was first hacked in April 2023, when it was hit with a so-called credential stuffing attack.
In August 2023, a claim of data theft affecting more than 10 million users worldwide was dismissed as a hoax, despite 23andMe having conducted isolated investigations into unauthorised activity on its platform the previous month, according to the ICO.
The hacker launched another attack in September of that year, but the company did not start a full investigation until October, when a 23andMe employee discovered that the stolen data had been advertised for sale on Reddit.
'Only then did 23andMe confirm that a breach had occurred,' the ICO said.
Canada's privacy commissioner Philippe Dufresne said: 'Strong data protection must be a priority for organisations, especially those that are holding sensitive personal information.
'With data breaches growing in severity and complexity, and ransomware and malware attacks rising sharply, any organisation that is not taking steps to prioritise data protection and address these threats is increasingly vulnerable.'
He added that the joint probe with Britain's ICO shows 'how regulatory collaboration can more effectively address issues of global significance'.
23andMe filed for bankruptcy protection in the US in March, after struggling with heavy losses and facing the aftermath of the data hack.
Privacy experts have since raised concerns about what could happen to the vast amounts of genetic and other personal data the company holds if it is sold to a third-party, with many urging users to log in and request their data be deleted.
The ICO said it received complaints from 23andMe customers concerned about their personal data being hacked amid fears it could be used by financial fraud, surveillance or discrimination.
One affected customer told the ICO: 'Disgusted that my DNA data could be out there in the wild and been exposed to bad actors.
'Extremely anxious about what this could mean to my personal, financial and family safety in the future.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Edinburgh Reporter
13 minutes ago
- Edinburgh Reporter
Third Sector funding ‘an investment in communities'
Increased funding for under pressure charities in West Lothian should be seen as 'an investment in communities' as expenditure outstrips income councillors have been told. Alan McCloskey, CEO of the Voluntary Sector Gateway (VSG) said that voluntary groups, relied on by the council and by individuals were facing increasing costs. Third Sector income in West Lothian fell by almost 20% in the last year – down to £84m in 2023/24 from £110m, the year before – while expenditure was down only marginally, from £89.5m to £88.9m. The report presented to the Economy, Community Empowerment and Wealth Building PDSP was designed to give an overview of the work across the Third Sector and the £44.9m in funding which goes into the sector from the council, health and related funding streams. Alan McCloskey the CEO of the VSG told the meeting: 'I think the report rightly touches on funding; it is actually an investment in communities. People are still struggling across the county with the impacts of fuel and food poverty, and the work that the Third Sector does to support communities is still much needed and demand on the services continues.' Mr McCloskey said that the Third Sector had proved 'extremely agile' in supporting people and making a difference to lives. He added 'We look forward to that support continuing as we move forward.' The majority of the 500 local charities working in West Lothian work in social care, sports and culture and community and economic development. They offer support from among the youngest to the oldest residents in the county. The annual report said: 'The key importance of how the Third Sector is able to draw down funding from external funders is recognised and how that ability helps to deliver key support to our local communities.' Some such as the Food Network put food on the tables of many while others such as the Larder, and West Lothian College also offer skills training and access to employment. Some of those organisations helped such as Whitburn's community Development Trust provide a range of specific services within communities such as a community fridge and community garden. In her report to the PDSP Clare Stewart, Community Wealth Building Manager detailed the collaboration with the Third Sector and the work done alongside funding to help secure external support. She said: 'In 2024/25 the West Lothian 4 Communities, a funding website that supports the Voluntary and Third Sector to search for funding, had 203 registrations users who searched the site 18,251 times. 'The website is accessible for West Lothian based organisations to easily search for funding opportunities across the UK. The site will pull together a list of possible funding sources based on the type of organisation and what activities are being delivered. It significantly reduces the amount of time spent searching for funding.' Councillors across the chamber welcomed the continued partnership between council and Third Sector while acknowledging the funding pressures on voluntary organisations. Councillor Andrew Miller said that money was always tight, but the council relied on the Third Sector 'to do what it does, and so much more, reaching down to people that the council often missed.' 'Money is always tight and it's getting tighter. I wouldn't like to see any of these groups fall by the wayside.' Labour's Craig Meek said: 'I welcome the report on the investment that is put into the Third Sector. It's really important. Congratulations to all that have received funding thanks to council officers and the Gateway staff for all their work.' Councillor Sally Pattle said: 'We know how much we are continuing to rely on the work of Third Sector and how valuable the work is.' Clare Stewart concluded in her report: 'West Lothian Council recognises that the Third Sector plays a hugely important role in complimenting and adding values to the work of West Lothian Council in delivering support within communities. It is vital that our partnership continues.' By Stuart Sommerville, Local Democracy Reporter Like this: Like Related
The Guardian
16 minutes ago
- The Guardian
Former Argentinian president Cristina Fernández allowed to serve corruption sentence at home
A federal court in Argentina has granted former president Cristina Fernández de Kirchner's request to serve a six-year prison sentence for corruption at her home in Buenos Aires. Judges ruled that Fernández, 72, can serve time in the apartment where she lives with her daughter and her granddaughter, citing her age and security reasons. Fernández was the victim of an attempted assassination three years ago. In the ruling, the court said that Fernández 'must remain at the registered address, an obligation that she may not break except in exceptional situations'. Last week, Argentina's highest court upheld Fernández's sentence in a ruling that permanently banned her from public office over the corruption conviction that found she had directed state contracts to a friend while she was the first lady and president. The explosive ruling left Fernández, Argentina's charismatic yet deeply divisive ex-leader, subject to arrest and sent her supporters pouring into the streets of Buenos Aires, Argentina's capital, and blocking major highways in protest. The ruling barred Fernández from running in this fall's Buenos Aires legislative elections just days after she launched her campaign. Fernández, who dominated Argentinian politics for two decades and forged the country's main leftwing populist movement known as Kirchnerism, after her and her husband, former president Néstor Kirchner, rejects the charges as politically motivated. During Fernández's eight years in office (2007–2015), Argentina expanded cash payments to the poor and pioneered major social assistance programs. Her governments funded unbridled state spending by printing money, bringing Argentina notoriety for massive budget deficits and sky-high inflation. Critics blamed Argentina's years of economic volatility on Fernández's policies, and outrage over successive economic crises and the country's bloated bureaucracy helped vault radical libertarian president Javier Milei to the presidency in late 2023. Fernández was embroiled in multiple corruption scandals during her tenure. She was convicted in 2022 of corruption in a case that centered on 51 public contracts for public works awarded to companies linked to Lázaro Báez, a convicted construction magnate and friend of the presidential couple, at prices 20% above the standard rate in a scheme that cost the state tens of millions of dollars. Fernández has questioned the impartiality of the judges. She claims her defense did not have access to much of the evidence and that it was gathered without regard to legal deadlines. She faces a series of other upcoming trials on corruption charges.
Sky News
17 minutes ago
- Sky News
'Britain's darkest secret': Grooming survivor calls for apology from Starmer
A rape survivor who was abused by dozens of men has called on the prime minister to apologise for the delay in calling for a national inquiry into the grooming scandal. "Elizabeth", whose name we have changed to protect her identity, was abused by a gang of men in Rotherham from the age of 14. She was also trafficked to other cities and says she was raped by so many men over the course of more than three years she doesn't know the exact number. She says all her abusers were of Pakistani heritage. After Louise Casey's explosive report revealed the ethnicity of perpetrators had been shied away from by the authorities, Elizabeth says Sir Keir Starmer owes survivors an apology "not just for holding back on the inquiry, because he could have done this six months ago, but also for the insults that followed". She says it was incorrect of the prime minister to accuse people of jumping on a "far-right bandwagon". "Survivors and families have not done that. You have whistleblowers, you know, it's concerned people wanting justice for child abuse," she says. She also believes that had the authorities been prepared to confront concerns about the ethnicity of offenders and investigate communities more closely, she could have been spared the abuse she suffered. "Going back, the intelligence, everything, I should never have been a victim," she says. Many are angry it has taken 11 years for politicians to accept the issue Shockingly, in Rotherham, the truth has been known for more than a decade. In 2014 a report by Alexis Jay, who went on to chair a national inquiry into the wider issue of child sexual exploitation, found there were at least 1,400 victims of grooming in the town, with the perpetrators predominantly of Pakistani heritage. 4:18 Many here, including Elizabeth, are angry it has taken 11 years for politicians to accept the issue, despite scandals emerging in a number of towns and cities across Britain. "It's a question still that needs to be answered. I do think it was because they wanted to be politically correct," she says. 'They silenced the wrong people' She's disappointed but unsurprised by the revelation that Whitehall officials wanted to help the authorities in Rotherham cover up the scandal: "It does explain a lot because I've always thought that how organised Rotherham was - how possibly could they have pulled it off themselves?" She believes the result of years of denial by the authorities has meant perpetrators were protected. She describes the survivors of grooming as "Britain's darkest secret", adding, "they silenced the wrong people and we need the truth. Why did they do it?". Sir Keir 'frustrated' with politicians who 'shout and scream but do nothing' Sir Keir said he gets "frustrated" with politicians who "shout and scream but do nothing" as he defended past comments about a grooming gangs inquiry. 7:56 Speaking to Sky News's political editor Beth Rigby, the prime minister was asked if he regretted saying in January that those calling for a national probe into paedophile rings were "jumping on a far-right bandwagon" - given he has now agreed to one. Sir Keir said he was "really clear" he was talking about the Tories, who were demanding an inquiry they never set up when they were in government. He said: "I was calling out those politicians. I am frustrated with politics when people shout and scream a lot and do nothing when they've got the opportunity to do it. It's one of the worst aspects of politics, in my view."
