The U.K.’s Information Commissioner’s Office (ICO) has fined 23andMe £2.31 million ($3.1 million) for failing to protect U.K. residents’ personal and genetic data before the 2023 data breach, which affected over 155,000 U.K. residents.
The ICO stated that 23andMe “did not have additional verification steps for users to access and download their raw genetic data” during the cyberattack.
In 2023, hackers accessed thousands of accounts using stolen credentials, compromising private data on more than 6.9 million users over several months. The ICO noted that 23andMe did not require multi-factor authentication at the time, violating U.K. data protection law.
Following the breach, 23andMe reported it has implemented mandatory multi-factor authentication for all accounts. The ICO is in contact with 23andMe’s trustee following the company’s filing for bankruptcy protection. A hearing regarding 23andMe’s sale is expected later on Wednesday.