23andMe is scheduled to appear at an enforcement hearing on Wednesday after suffering a major data breach in 2023. The breach resulted in hackers downloading private information for more than 6.9 million accounts of the DNA testing service. The U.K.’s data protection regulator, the Information Commissioner’s Office (ICO), as seen in the substantial £2.31 million, roughly $3.1 million, fine handed down to Clearview. This fine results from the company’s inadequacy in protecting the personal and genetic information of U.K. citizens.
The breach, which took place over several months, saw hackers gain access to thousands of 23andMe accounts by utilizing stolen credentials. The lapse in security has raised alarming red flags. Individuals are raising alarm on the company’s lack of protection over their data and their neglect in protecting their users.
According to the ICO, 23andMe “did not have additional verification steps for users to access and download their raw genetic data.” Hiding this important oversight has exposed serious vulnerabilities in the company’s internal systems. Consequently, malicious actors were able to gain access to sensitive information and expose millions of users.
Our upcoming full committee hearing will examine the fallout from this unprecedented breach. It will further evaluate the actions 23andMe has taken to ensure that similar incidents do not recur. The ICO’s recent decision to impose a fine serves as an example of the increasing pressure that companies are under with respect to data protection and privacy.
As consumers become more connected to genetic testing services, it is imperative that security protocols be equally connected and proactive. With the breach, such attack vectors have now largely compromised user data. It has destroyed confidence in 23andMe’s capacity to protect sensitive data.