DNA testing company 23andMe did not take adequate safety precautions to protect their customers’ data and ignored warning signs ahead of a massive data breach almost two years ago, according to a joint investigation by privacy commissioners in Canada and Britain.
According to a CBC report, Canadian Commissioner Philippe Dufresne told reporters that proper protections were not in place in 2023 when hackers gained access to roughly 6.9 million profiles on the site — nearly half its client base.
Nearly 320,000 Canadians and 150,000 people in the UK were impacted by the 2023 breach, the commissioners said.
The investigation found that between April and September of 2023, a hacker used login credentials obtained from other data breaches to enter 23andMe’s platform and take personal information, including birth years, postal codes, race, family trees and health reports.
The commissioners said they expect the company to adequately protect user data during any sale.
