Security News > 2024 > June > 23andMe data breach under investigation in UK and Canada
Privacy authorities in Canada and the United Kingdom have launched a joint investigation to assess the scope of sensitive customer information exposed in last year's 23andMe data breach.
The joint investigation will also examine if 23andMe alerted affected individuals and the privacy regulators as required by Canadian and UK privacy and data protection laws.
"This data breach had an international impact, and we look forward to collaborating with our Canadian counterparts to ensure the personal information of people in the UK is protected."
The attackers used credentials stolen from other data breaches or compromised online platforms to breach 23andMe accounts.
The company disclosed in data breach notification letters sent to impacted individuals that some stolen data was posted on the BreachForums hacking forum and the unofficial 23andMe subreddit.
23andMe told BleepingComputer in December that the threat actors downloaded data for 6.9 million out of 14 million customers after breaching around 14,000 user accounts.
News URL
Related news
- UN aviation agency investigating possible data breach (source)
- Washington state sues T-Mobile over 2021 data breach security failures (source)
- Largest US addiction treatment provider notifies patients of data breach (source)
- STIIIZY data breach exposes cannabis buyers’ IDs and purchases (source)
- EU law enforcement training agency data breach: Data of 97,000 individuals compromised (source)
- UK domain registry Nominet confirms breach via Ivanti zero-day (source)
- Wolf Haldenstein law firm says 3.5 million impacted by data breach (source)
- Otelier data breach exposes info, hotel reservations of millions (source)
- PayPal to pay $2 million settlement over 2022 data breach (source)
- UnitedHealth now says 190 million impacted by 2024 data breach (source)