The U.K.'s Information Commissioner's Office (ICO) has fined 23andMe £2.31 million ($3.1m) for failing to protect U.K. residents' data, resulting in a breach where hackers stole data of over 155,000 U.K. users. The ICO found that 23andMe lacked sufficient verification measures, such as multi-factor authentication, violating U.K. data protection law. The fine comes as 23andMe faces bankruptcy proceedings and a pending sale, with the ICO in contact with the company's trustee.
The U.K.'s Information Commissioner’s Office (ICO) has imposed a £2.31 million ($3.1m) fine on 23andMe, highlighting critical failures in safeguarding U.K. residents' personal and genetic data preceding its 2023 data breach. This breach, which affected over 155,000 U.K. users and was part of a larger incident impacting 6.9 million individuals globally, stemmed from the company's failure to implement essential security measures like multi-factor authentication (MFA), constituting a violation of U.K. data protection law. Although 23andMe has since mandated MFA across all accounts, this regulatory action and the associated reputational damage compound the company's existing financial distress, as evidenced by its filing for bankruptcy protection. The ICO's engagement with 23andMe's trustee and an imminent hearing concerning the company's sale indicate a pivotal moment, reflecting significant operational and governance shortcomings that contribute to an extremely negative sentiment and substantial market impact.
Overall Sentiment: extremely negative
Sentiment Score: -0.85