DNA testing firm 23andMe has been fined more than $4 million following a joint investigation carried out by Canada and UK privacy officials, who found the company failed to ensure sufficient security measures were in place to protect customers’ personal information, leading to a major data breach in 2023.
The joint investigation was conducted by the Office of the Privacy Commissioner of Canada (OPC) and the United Kingdom Information Commissioner’s Office (ICO) after a cyber attack affected nearly 7 million 23andMe customers worldwide, including almost 320,000 Canadians and 155,600 people in the UK.
