ICO and Canadian counterpart to investigate 23andMe data breach
The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach with the Office of the Privacy Commissioner of Canada (OPC).
Genetics testing company 23andMe has experienced a serious data breach. The security violation involves the DNA Relatives feature that allows users to compare ancestry information. The compromised data includes:
Other sensitive information could also be affected.
23andMe also stores genetic information about the relatives of some of its users. So even if these relatives didn’t send a sample or consent to any data collection, they could also be involved in this privacy violation.
Following the breach, the hackers are offering the assembled genetic information of thousands of people for sale on the dark web.
KP Law is investigating this incident, and we are considering a no-win, no-fee group action claim to help victims living in England & Wales claim compensation. To register your interest in joining this action, sign up below and we will be in touch to invite you to join our claim.
The hackers are now offering the assembled genetic information of thousands of people for sale on the dark web. 23andMe has not offered victims any credit monitoring or identity protections following the breach.
According to media reports, some of the data for sale specifically targets people with Chinese and Ashkenazi Jewish ancestry. This has raised serious concerns.
To ensure they do not fall victim to further attacks, anyone affected by the 23andMe data breach should be vigilant. At KP Law, we have seen victims of similar data breaches become the target of cybercriminals, with instances of phishing, fraud, and identity theft. Our data protection experts strongly advise anyone involved in this breach to be vigilant and take necessary precautions.
We may be able to claim compensation for any distress or financial losses experienced because of this breach and we urge anyone affected to register with us.
REGISTER TO FIND OUT MORE ABOUT THE 23ANDME DATA BREACH.
Talk to our expert data breach lawyers today on 0151 459 5850
The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach with the Office of the Privacy Commissioner of Canada (OPC).
Genetics testing company 23andMe, has emailed customers to alert them to a data breach.
According to the company, hackers may have used credentials leaked from other websites to breach 23andMe accounts – a technique known as ‘credential stuffing’.
The compromised data includes:
Other sensitive information could also be affected.
In an email to affected it users, 23andMe said:
“We are working with third-party forensic experts on this investigation, as well as federal law enforcement. We have also required all customers to reset their passwords. Security and privacy are the highest priorities at 23andMe. We exceed industry data protection standards and have achieved three different ISO certifications to demonstrate the strength of our security program. We actively and routinely monitor and audit our systems to ensure that your data is protected. When we receive information through those processes or from other sources claiming customer data has been accessed by unauthorized individuals, we immediately investigate to validate whether this information is accurate. Beginning in 2019, we’ve offered and encouraged users to use multi-factor authentication (MFA), which provides an extra layer of security and can prevent bad actors from accessing an account through recycled passwords.
23andMe has also advised users change their login information and enable two-factor authentication to keep their accounts secure. 23andMe has not offered victims any credit monitoring or identity protections following the breach.
23andMe should be in touch to notify affected individuals.
Anyone who thinks they might be involved should take immediate steps to protect themselves. Find out how to do this here.
If you live in England or Wales and you receive notification that you are affected by the 23andMe data breach, register to receive updates on our investigation. We’ll let you know what’s happening, and if and when you can make a no-win, no-fee data breach compensation claim.
A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions, multi-claimant, or multi-party actions.
If we do launch a group action, there are no costs to join a claim. However, if your claim is successful, you may have to pay a ‘success fee’. This fee is taken from the compensation awarded to you. At KP Law, our success fee is competitive, and we make sure you are fully informed about any potential costs before you officially join our action. If you lose, you won’t have to pay a penny.
KP Law has some of the most skilled data breach lawyers in England and Wales. Here are just some of our success stories.
KP Law is a founding member of the Collective Redress Lawyers Association (CORLA). CORLA aims to improve access to justice for claimants by way of collective redress.