Canada & UK Partner in Joint 23andMe Data Breach Investigation

The two jurisdictions will work together to investigate the credential-stuffing attack that put the personal data of millions at risk.

An upward-looking view of the 23andMe logo on a building
Source: michelmond via Alamy Stock Photo

Authorities in Canada and the UK have launched a joint investigation into a 23andMe data breach that occurred last October. 

That's when a threat actor posted on the Dark Web claiming possession of 23andMe profile information, ultimately releasing roughly 4 million company records. 23andMe launched an investigation, discovering that the breach was a credential-stuffing attack that affected around 7 million people.

The discovery of the attack led the company to blame the victims of the breach, saying they were negligent in reusing their passwords that had previously been exposed in past data breaches.

The joint investigation now seeks to protect the "fundamental right to privacy of individuals across jurisdictions," as 23andMe is considered to be "a custodian of highly sensitive personal information" such as genetic history, health, ethnic background, and biological relationships. 

The countries will investigate the scope of the breached information, whether 23andMe had safeguards in place to protect that sensitive information, and whether the notifications the company provided to the regulators was adequate.

"People need to trust that any organization handling their most sensitive personal information has the appropriate security and safeguards in place," said UK Information Commissioner John Edwards. "This data breach had an international impact, and we look forward to collaborating with our Canadian counterparts to ensure the personal information of people in the UK is protected.”

Edwards and Canadian Privacy Commissioner Philippe Dufresne will be jointly investigating the breach.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights