abusesaffiliationarrow-downarrow-leftarrow-rightarrow-upattack-typeblueskyburgerchevron-downchevron-leftchevron-rightchevron-upClock iconclosedeletedevelopment-povertydiscriminationdollardownloademailenvironmentexternal-linkfacebookfilterflaggenderglobeglobegroupshealthC4067174-3DD9-4B9E-AD64-284FDAAE6338@1xinformation-outlineinformationinstagraminvestment-trade-globalisationissueslabourlanguagesShapeCombined Shapeline, chart, up, arrow, graphLinkedInlocationmap-pinminusnewsorganisationotheroverviewpluspreviewArtboard 185profilerefreshIconnewssearchsecurityPathStock downStock steadyStock uptagticktooltiptwitteruniversalitywebwhatsappxIcons / Social / YouTube

這頁面沒有繁體中文版本,現以English顯示

文章

2025年6月17日

作者:
Robert Booth, The Guardian

UK: DNA testing firm 23andMe fined over £2m by ICO for 2023 data hack

查看所有標籤 指控

"DNA testing firm 23andMe fined £2.3m by UK regulator for 2023 data hack", 17 June 2025

The genetic testing company 23andMe has been fined more than £2.3m for failing to protect the personal information of more than 150,000 UK residents after a large-scale cyberattack in 2023.

Family trees, health reports, names and postcodes were among the sensitive data hacked from the California-based company. It only confirmed the breach months after the infiltration started and once an employee saw the stolen data advertised for sale on the social media platform Reddit, according to the UK Information Commissioner’s Office – which levied the fine.

The information commissioner, John Edwards, called the months-long incident across the summer of 2023 a “profoundly damaging breach”. The compromise of UK data was just a fraction of the wider losses, with the data of 7 million people affected.

23andMe charges users £89 to have their DNA screened using a saliva-based kit, allowing them to discover where their distant ancestors came from in terms of their ethnicity and location. But many customers asked for their DNA data to be deleted from the company’s archives after the hack and it filed for bankruptcy protection in the US in March.

...

23andMe failed to take basic steps to protect the information and their security systems were inadequate, the UK data protection regulator found. The breaches included failing to install tougher user authentication.

...

A spokesperson for the company said 23andMe had since implemented multiple steps to increase security to protect individual accounts and information. They said that as part of the deal to acquire 23andMe, Wojcicki’s non-profit, the TTAM Research Institute, has made “binding commitments to enhance protections for customer data and privacy, including allowing individuals to delete their account and opt out of research at any time” and “agreeing not to sell or transfer genetic data under a subsequent bankruptcy or change of control”, and offering customers two years of free identity theft monitoring.

The fine is among several multimillion pound punishments meted out by the ICO in recent years for failure to protect data from hacks and ransomware attacks. ...

隱私資訊

本網站使用 cookie 和其他網絡存儲技術。您可以在下方設置您的隱私選項。您所作的更改將立即生效。

有關我們使用網絡儲存技術的更多資訊,請參閱我們的 數據使用和 Cookie 政策

Strictly necessary storage

ON
OFF

Necessary storage enables core site functionality. This site cannot function without it, so it can only be disabled by changing settings in your browser.

分析cookie

ON
OFF

您瀏覽本網頁時我們將以Google Analytics收集信息。接受此cookie將有助我們理解您的瀏覽資訊,並協助我們改善呈現資訊的方法。所有分析資訊都以匿名方式收集,我們並不能用相關資訊得到您的個人信息。谷歌在所有主要瀏覽器中都提供退出Google Analytics的添加應用程式。

市場營銷cookies

ON
OFF

我們從第三方網站獲得企業責任資訊,當中包括社交媒體和搜尋引擎。這些cookie協助我們理解相關瀏覽數據。

您在此網站上的隱私選項

本網站使用 cookie 和其他網絡儲存技術來增強您在必要核心功能之外的體驗。