<ul data-eligibleForWebStory="true"><li>The U.K. data protection watchdog fined 23andMe £2.31 million ($3.1m) for failing to protect U.K. residents’ personal and genetic data prior to its 2023 data breach.</li><li>The Information Commissioner’s Office (ICO) fined 23andMe for not having additional verification steps for users to access and download their raw genetic data during the cyberattack.</li><li>Hackers stole private data of over 6.9 million users during a months-long campaign by accessing thousands of accounts using stolen credentials.</li><li>23andMe did not require multi-factor authentication, breaking U.K. data protection law according to the ICO.</li><li>Over 155,000 U.K. residents had their data stolen in the breach.</li><li>23andMe implemented mandatory multi-factor authentication for all accounts in response to the fine.</li><li>The ICO is in contact with 23andMe’s trustee after the company filed for bankruptcy protection.</li><li>A hearing on 23andMe’s sale is expected later on Wednesday.</li></ul>

UK watchdog fines 23andMe over 2023 data breach

Discover more