Subscribe
BBC News logo
TechCrunch logo
The Guardian logo
3 articles
·3M

23andMe Fined £2.3 Million for Data Breach, Files for Bankruptcy Protection

23andMe has been fined £2.3 million by a UK watchdog for a 2023 data breach affecting over 6.9 million users, leading to bankruptcy protection filing.

Slide 1
UK watchdog fines 23andMe for 'profoundly damaging' data breach
BBC News

BBC News

Slide 2
UK watchdog fines 23andMe over 2023 data breach
TechCrunch

TechCrunch

Slide 3
DNA testing firm 23andMe fined £2.3m by UK regulator for 2023 data hack
The Guardian

The Guardian

Subscribe to unlock this story

We really don't like cutting you off, but you've reached your monthly limit. At just $5/month, subscriptions are how we keep this project going. Start your free 7-day trial today!

Get Started

Have an account? Sign in

Overview

A summary of the key points of this story verified across multiple sources.
  • 23andMe was fined £2.3 million by the UK Information Commissioner's Office for a data breach affecting over 6.9 million users.
  • The breach involved a 'credential stuffing' attack, where hackers accessed user accounts due to weak authentication measures.
  • UK regulators cited the company's lack of secure password requirements and additional verification steps as reasons for the fine.
  • Following the fine, 23andMe filed for bankruptcy protection in the US, indicating severe financial repercussions from the breach.
  • In response to the incident, 23andMe has implemented mandatory multi-factor authentication to enhance user account security.
Written by AI using shared reports from
3 articles
.

Report issue

Pano Newsletter

Read both sides in 5 minutes each day

Analysis

Compare how each side frames the story — including which facts they emphasize or leave out.

Emphasizes 23andMe's significant data breach and regulatory fines due to inadequate security measures.

"This was a profoundly damaging breach that exposed sensitive personal information, family histories, and even health conditions."

BBC NewsBBC News
·3M
Article

"The U.K. data protection watchdog has fined 23andMe £2.31 million ($3.1m) for failing to protect U.K. residents’ personal and genetic data prior to its 2023 data breach."

TechCrunchTechCrunch
·3M
Article

How we categorize media bias

Articles (3)

Compare how different news outlets are covering this story.

Center (2)

FAQ

Dig deeper on this story with frequently asked questions.

The breach exposed users' ancestry information, genetic health data, profile names, photos, birth years, locations, family surnames, grandparents' birthplaces, ethnicity estimates, mitochondrial DNA haplogroup, Y-chromosome DNA haplogroup, and optionally shared text in the 'About' section.

Wikipedia - 23andMe data leakWikipedia - 23andMe data leak

The hackers used credential stuffing attacks, exploiting the reuse of passwords across different websites and the lack of multi-factor authentication on 23andMe accounts, allowing access to accounts with weak authentication measures.

The RegisterThe Register

Approximately 6.9 million users' data was accessed through the breach, with around 14,000 user accounts directly compromised due to reused credentials.

HIPAA JournalHIPAA Journal

23andMe implemented mandatory multi-factor authentication for user accounts and launched an investigation upon discovering the breach.

The RegisterThe Register

23andMe was fined £2.3 million by the UK Information Commissioner's Office for failing to secure user accounts properly and subsequently filed for bankruptcy protection in the United States due to the financial repercussions of the breach.

The RegisterThe Register

History

See how this story has evolved over time.
  • This story does not have any previous versions.