The data watchdogs of the UK and Canada will investigate genetic testing company 23andMe over a data breach in October 2023.

Hackers gained access to personal information of 6.9 million people, which in some cases included family trees, birth years and geographic locations, by using customers’ old passwords.

One of the things the joint taskforce will investigate is whether adequate safeguards had been put in place to protect such data. “We intend to cooperate with these regulators’ reasonable requests,” 23andMe said in a statement.

The data stolen in October did not include DNA records.

The company was not hacked itself - but rather criminals logged into about 14,000 individual accounts, or 0.1% of customers, by using email and password details previously exposed in other hacks.

  • Illecors@lemmy.cafe
    link
    fedilink
    English
    arrow-up
    9
    ·
    5 months ago

    So… it’s a hack, but it’s not been hacked?

    Come the fuck on, BBC, you can do better.

    • newnton@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      15
      ·
      edit-2
      5 months ago

      From what I’ve heard people got their accounts at random other companies/ services hacked, their emails and passwords were posted/ sold online, and then the hackers bought them and tried entering them into 23andMe which succeeded for a number of users who use the same creds across services. I agree the article could have been clearer, but it does seem like a meaningful distinction to me that 23andMe itself didn’t get hacked

    • Flying Squid@lemmy.worldM
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      2
      ·
      5 months ago

      “Genetic testing firm 23andMe investigated over incident where scammers stole 14,000 accounts to get data” seems unnecessary.

      I think that “hack” works.

  • tal@lemmy.today
    link
    fedilink
    English
    arrow-up
    7
    ·
    5 months ago

    Along with publicly-available birth and death data, that’s probably adequate to infer information about a lot of people who are not in the database.