23andMe now being investigated for the 2023 breach

DevaOnBreaches: Boosting Lorenzo Franceschi-Bicchierai (lorenzofb): NEW: More bad news for 23andMe.

The U.K. and Canada’s privacy watchdogs have launched a joint investigation into last year’s hack, which impacted 6.9 million 23andMe customers’ personal information.

People “need to trust that any organisation handling their most sensitive personal information has the appropriate security and safeguards in place,” said John Edwards of the U.K.’s Information Commissioner’s Office (ICO).  

https://techcrunch.com/2024/06/10/uk-and-canada-privacy-watchdogs-investigating-23andme-data-breach/

The article, titled "UK and Canada privacy watchdogs investigating 23andMe data breach," goes into detail on the joint investigation, which will ask the biggest question: whether 23andMe followed proper security measures.

It also goes into how 6.9 million people were targeted, which, according to the article, was about half their user base.

Apparently, the company didn’t detect the actors until September of 2023, and the activity started in April of that same year. That’s roughly six months!

The only reason they knew anything about it was that the hackers posted on the company's unofficial subreddit as well as on a well-known hacking forum.

That’s probably got to be one of the worst ways to find out you’ve been owned, and we haven’t seen anything since the breach notice, which I blogged about and kept people up to date on.

The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports, and self-reported location.

The actors used password spraying to get at the data, which may have included using passwords that customers had also used on other sites.

23andMe did not send comment to TechCrunch at the time of writing.
