The U.Ok. information safety watchdog has fined 23andMe £2.31 million ($3.1m) for failing to guard U.Ok. residents’ private and genetic information previous to its 2023 data breach.
The Info Commissioner’s Workplace (ICO) mentioned on Tuesday it has fined the genetic testing firm because it “didn’t have further verification steps for customers to entry and obtain their uncooked genetic information” on the time of its cyberattack.
In 2023, hackers stole personal information on greater than 6.9 million customers’ over a months-long marketing campaign by accessing hundreds of accounts utilizing stolen credentials. 23andMe didn’t require its customers to make use of multi-factor authentication, which the ICO mentioned broke U.Ok. information safety regulation.
The ICO mentioned over 155,000 U.Ok. residents had their information stolen within the breach.
In response to the effective, 23andMe instructed information.killnetswitch that it had rolled out necessary multi-factor authentication for all accounts.
The ICO mentioned it’s involved with 23andMe’s trustee following the corporate’s submitting for chapter safety. A listening to on 23andMe’s sale is anticipated in a while Wednesday.
