DNA testing firm 23andMe has been fined more than $4 million following a joint investigation carried out by Canada and UK privacy officials, which found the company failed to ensure sufficient security measures were in place to protect customers’ personal information, leading to a major data breach in 2023.
The joint investigation was conducted by the Office of the Privacy Commissioner of Canada (OPC) and the United Kingdom Information Commissioner’s Office (ICO) after a cyber attack affected nearly 7 million 23andMe customers worldwide, including almost 320,000 Canadians and 155,600 people in the UK.
“We decided to launch this joint investigation in light of the international impact of the breach and the highly sensitive nature of the personal information involved,” Canada’s Privacy Commissioner Philippe Dufresne said at a joint press conference with the UK information commissioner in Ottawa on June 17….