23AndMe Fined £2.3 Million by UK Regulators Over 2023 Data Breach | Technology News

The genetic testing firm 23AndMe has been penalized with a fine exceeding £2.3 million following a significant cyberattack in 2023, which compromised the personal information of over 150,000 UK residents.

Sensitive data, including family tree details, health reports, names, and postal codes, were among the information breached from the California-based company. The UK Intelligence Commission’s office confirmed the breach after employees discovered that stolen data was being offered for sale on the social media platform Reddit.

Intelligence Commissioner John Edwards referred to the incidents during the summer of 2023 as “a deeply damaging violation.” The data breach affecting the UK was just a fraction of a larger security incident that compromised data from 7 million individuals.

23AndMe offers DNA screening for £89 through a saliva-based kit, allowing users to trace their ancestry in terms of ethnicity and geographical origin. However, many customers sought bankruptcy protection in the US in March, requesting the removal of their DNA data from the company’s records following the hack.

The penalty coincided with a $355 million acquisition bid for the company led by former CEO Anne Wojcicki.

Edwards noted that the data breaches included sensitive personal information, family histories, and even health conditions of numerous individuals in the UK.

“As one affected individual remarked, once this information is out there, it cannot be altered or replaced like a password or credit card number,” he added.

UK data protection regulators found that 23AndMe did not take fundamental steps to safeguard user information, revealing inadequacies in its security system, including a failure to implement stricter user authentication measures.

Hackers exploited a widespread weakness due to the reuse of passwords compromised in unrelated data breaches. They employed automated tools in a method called “credential stuffing.”

Edwards remarked, “The warning signs were evident, and the company’s response was sluggish. This has made individuals’ most sensitive data vulnerable to exploitation and harm.”


A company spokesperson stated that 23AndMe has taken various measures to enhance security for individual accounts and data. They have made a firm commitment to improving the protection of customer data and privacy in connection with an initiative that will benefit 23AndMe, a nonprofit associated with Wojcicki, the TTAM Research Institute.

Fines are part of the substantial penalties imposed on various organizations by ICOs in recent years due to their inability to secure data from hacking and ransomware incidents. In 2022, a fine levied against construction firms exceeded £4.4 million when staff data was compromised, including contact information, bank details, sexual orientation, and health data.

In March of this year, NHS IT supplier Advanced Computer Software Group faced a fine of nearly £3.1 million for endangering the personal information of approximately 80,000 individuals.

Source: www.theguardian.com

23andMe Founders Seek to Reclaim Control of Bankrupt DNA Testing Company

The previous CEO of 23andMe is poised to reclaim leadership of the genetic testing firm after placing a $305 million bid from the nonprofit organization.

Recently, Regeneron Pharmaceuticals announced a deal to purchase the company for $256 million, surpassing a $146 million offer from Anne Wojcicki and the nonprofit TTAM Research Institute. A former executive noted that this substantial offer prompted Wojcicki to elevate her bid with backing from the Fortune 500 entity. The deal is anticipated to finalize in the upcoming weeks, pending a court hearing scheduled for June 17, as stated by the company on Friday.

Wojcicki had made several attempts while CEO to retain the company as private. Each attempt was met with rejection from the board, and ultimately all independent directors resigned in response to her acquisition efforts.

As a leader in ancestral DNA testing, 23andMe filed for bankruptcy in March and aimed to auction its business following a 2023 data breach that compromised sensitive genetic and personal information of millions of users.

Since its bankruptcy announcement, 23andMe has seen a significant loss of clients, with a concerning trend of users wanting their accounts closed. The company, which analyzes complete genomes with unknown parties showing interest, reported that approximately 15% of its current customers are requesting account terminations in light of the bankruptcy and potential sale. Experts recommend that customers ask firms to delete their DNA data to safeguard privacy. On Friday, TTAM endorsed 23andMe’s existing privacy policy, asserting compliance with all relevant data protection regulations. Earlier this week, New York and over 20 other U.S. states filed a lawsuit against 23andMe to contest the sale of personal data from its clients.


Regeneron expressed enthusiasm for the new bid, but acknowledged that if Wojcicki’s offer were ultimately accepted, it would incur a $10 million termination fee.

Source: www.theguardian.com

Bankrupt DNA Testing Company 23andMe Acquired for $256 Million | Technology

Regeneron Pharmaceuticals has announced its plan to acquire genetic testing firm 23andMe Holding for $256 million through bankruptcy auctions, as revealed on Monday.

Regeneron stated that it adheres to 23andMe’s privacy policy and relevant laws concerning customer data usage, and is prepared to provide detailed explanations to court-appointed supervisors regarding this data. The deal is expected to finalize in the third quarter.

“The Regeneron Genetics Center has a solid track record of safeguarding genetic data for individuals globally while pursuing scientific discoveries that leverage this information for societal benefit.” “We assure our 23andMe customers that we will uphold strict standards of data privacy, security, and ethical oversight, enabling us to enhance human health.”

Lawmakers scrutinized the bankruptcy proceedings initiated in March, expressing concerns that genetic data from millions of clients could end up in the hands of unscrupulous buyers. One organization, the Global Biodata Trust, formally proposed acquiring 23andMe, advocating for consumer control over data, allowing individuals to either store their DNA information in a trust or share it with related public benefit companies.


Nevertheless, this bid also posed risks to customer privacy. The United States presently lacks comprehensive privacy regulations that set enforceable guidelines for how Regeneron manages, utilizes, and shares genetic data acquired from 23andMe. This absence allows businesses to modify their privacy policies at will, often without prior notice to users. Without federal privacy laws, there is minimal recourse to hold organizations, including nonprofits, accountable.

Last month, 23andMe agreed to permit court-appointed supervisors to oversee client genetic information and security policies throughout the bankruptcy process.

Under the new agreement, Regeneron will acquire all of 23andMe’s assets, with the exception of Telehealth Service Lemonaid Health, which 23andMe intends to shut down. Following the completion of the transaction, 23andMe will continue as a direct or indirect subsidiary of Regeneron, the company stated.

The company has gathered genetic data from 15 million customers who ordered DNA test kits online and provided saliva samples. Weak demand for ancestor test kits has been exacerbated by the data breaches that occurred in 2023.

Source: www.theguardian.com

The Regretful Decision: Surrendering My DNA to 23andMe Only to Discover My British Heritage

23andMe is currently in crisis. The once-promising genetic testing company has experienced a significant downfall, with a 98% loss in its $6 billion value, the departure of all independent directors, a reduction in nearly half of its employees, and a decline in its customer base from 15 million. is urgently working to delete DNA data from its records. I am one of the affected individuals.

My journey with 23andMe began hesitantly in 2016 when I ordered their kit by mail. After some delay, I finally submitted my genetic sample for analysis. As a tech journalist, I am cautious about sharing data with companies, especially genetic information, which is immutable unlike passwords or credit card details.

The results revealed that I am 63% British and Irish, and 17% Danish, confirming my extensive northwestern European heritage. However, the absence of my supposed Czech lineage was surprising. With 23andMe’s uncertain future and concerns about the fate of user data, I reflect on the exchange of genetic privacy for such information.

Timothy Caulfield, a University of Alberta professor, notes that many individuals, like myself, experience ambivalence upon receiving genetic test results.

The concept of genetic testing to uncover ancestral roots and its implications on personal identity has always troubled me. Caulfield, who faced similar concerns with his own ancestry, argues that the notion of genetic influence on individual identity perpetuates racism.

Marketing strategies played a significant role in the success of companies like 23andMe. However, the impact of genetic testing results on one’s sense of identity can vary drastically, from affirming to challenging deeply held beliefs.

As 23andMe’s future remains uncertain, questions arise regarding the handling of existing user data. The ethical implications of genetic information extend beyond personal privacy to potentially compromising the privacy of relatives.

To safeguard my data, I opted to delete my account and requested a copy of my genetic information. However, concerns persist about the retention of such data by the company, especially in case of bankruptcy or ownership changes.

23andMe’s commitment to customer data protection is emphasized, with assurances of maintaining privacy standards even amidst financial instability.

Receiving my genetic data opened up new insights into my heritage, but the challenge lies in interpreting the vast amount of genomic information provided. Despite this, I have not taken any actions based on this data, as the complexity of genetic identity remains a source of ambivalence and uncertainty.

Source: www.theguardian.com

23andMe reports that hackers gained access to ‘significant’ data concerning users’ genealogy

Genetic testing company 23andMe announced Friday that hackers gained access to approximately 14,000 customer accounts in its recent data breach.

In a new filing with the U.S. Securities and Exchange Commission, the company announced Friday that, based on an investigation into the incident, it determined that the hackers had accessed 0.1% of its customer base. According to the company’s latest annual earnings report, 23andMe has “more than 14 million customers worldwide,” so 0.1% is about 14,000 people.

However, the company also said that by accessing these accounts, the hackers were able to access “substantial data, including profile information about other users’ ancestry, that other users choose to share when opting in to 23andMe’s DNA kinship feature.” It said the hackers also had access to several files.

The company did not say what those “significant” files were or how many “other users” were affected.

23andMe did not immediately respond to a request for comment that included questions about these numbers.

In early October, 23andMe disclosed an incident in which hackers used a common technique known as “credential stuffing” to steal the data of some users. In this method, a cybercriminal breaks into a victim’s account using a known password, possibly one compromised in a data breach at another service.

However, the damage was not limited to the customers whose accounts were accessed. 23andMe allows users to opt in to a feature called DNA Relatives. If a user opts in to that feature, 23andMe shares some of that user’s information with other users. This means that by accessing a single victim’s account, the hacker was also able to see the personal data of people related to that victim.
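As an added example (not from the article or from 23andMe), this sketch shows how the credential-stuffing pattern described above can be spotted in authentication logs: one source trying many distinct accounts with mostly failed logins, where any success inside that burst marks a likely compromised account. The log format, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, username, result.
SAMPLE_LOG = """\
2023-08-01T10:00:00 203.0.113.7 user_a FAIL
2023-08-01T10:00:05 203.0.113.7 user_b FAIL
2023-08-01T10:00:10 203.0.113.7 user_c FAIL
2023-08-01T10:00:15 203.0.113.7 user_d FAIL
2023-08-01T10:00:20 203.0.113.7 user_e FAIL
2023-08-01T10:00:25 203.0.113.7 frank OK
2023-08-01T10:00:30 203.0.113.7 user_g FAIL
2023-08-01T10:01:00 198.51.100.20 carol FAIL
2023-08-01T10:01:20 198.51.100.20 carol FAIL
2023-08-01T10:01:45 198.51.100.20 carol OK
"""

WINDOW = timedelta(minutes=10)  # assumed sliding window
MIN_ACCOUNTS = 5                # distinct usernames from one source in the window
MIN_FAIL_RATIO = 0.8            # share of failed attempts in the window


def parse(log):
    """Turn log text into sorted (time, ip, user, succeeded) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return sorted(events)


def detect_stuffing(events):
    """Return {ip: usernames that logged in successfully during a stuffing burst}."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1
            window = evs[start:end + 1]
            users = {e[2] for e in window}
            fails = sum(1 for e in window if not e[3])
            if len(users) >= MIN_ACCOUNTS and fails / len(window) >= MIN_FAIL_RATIO:
                # Any success inside the burst is a likely account takeover.
                findings.setdefault(ip, set()).update(e[2] for e in window if e[3])
    return findings
```

Per-source thresholds miss bursts spread across many addresses, so the accounts returned here are candidates for forced password resets and mandatory second-factor enrollment rather than a complete list.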

23andMe said in its filing that for the initial 14,000 users, the stolen data “generally includes ancestry information, and for a subset of those accounts health information based on users’ genetics.” For some other users, 23andMe said only that the hackers stole “profile information” and posted unspecified “certain information” online.

TechCrunch analyzed the set of stolen data released by comparing it to known public genealogy records, including websites published by hobbyists and genealogists. Although the data set was in a different format, it contained some of the same unique user and genetic information that matched genealogy records published online many years ago.

The owner of a genealogy website whose relatives’ information was partially exposed in the 23andMe data breach told TechCrunch that there are about 5,000 relatives discovered through 23andMe, and our “correlation shows that That may be something to consider.”

News of the data breach surfaced online in October, when hackers promoted suspected data on 1 million Ashkenazi Jewish users and 100,000 Chinese users on a popular hacking forum. About two weeks later, the same hacker who first advertised the stolen user data also advertised what was claimed to be records of 4 million people. The hacker was trying to sell each victim’s data for anything from $1 to $10.

TechCrunch discovered that another hacker was promoting more allegedly stolen user data on a separate hacking forum two months before the ad first reported by news outlets in October. In the first ad, the hacker claimed he had stolen 300 terabytes of data from 23andMe users, and asked for $50 million for the entire database, or $1,000 to $10,000 for a subset of the data.

Following the data breach, 23andMe on October 10 forced users to reset and change their passwords and encouraged them to enable multi-factor authentication. And on Nov. 6, the company required all users to use two-step verification, according to a new filing.

After the 23andMe breach, other DNA testing companies Ancestry and MyHeritage began requiring two-factor authentication.

Source: techcrunch.com