23andMe breach under joint investigation in UK and Canada

TechCrunch reports that the Office of the Privacy Commissioner of Canada and the Office of the Information Commissioner in the United Kingdom have partnered to conduct a joint investigation into the massive 23andMe data breach last year that exposed confidential information belonging to 6.9 million users .

In addition to examining the scope of data exposure and possible harm to those affected, both the OPC and ICO will also look at the U.S. genetic testing provider’s implementation of data safeguards, as well as the timeliness of notifying regulators of breaches.

“This data breach was international in scope and we look forward to working with our Canadian counterparts to ensure the personal data of people in the UK is protected,” said ICO Commissioner John Edwards.

Meanwhile, 23andMe has already pledged to cooperate in a joint investigation.

“We intend to comply with the reasonable requests of these regulators in connection with the credential spoofing attack detected in October 2023.” 23andMe spokesman Andy Kill said.