{"id":3988,"date":"2024-06-11T15:40:08","date_gmt":"2024-06-11T20:40:08","guid":{"rendered":"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/canada-and-uk-partner-in-joint-23andme-data-breach-investigation"},"modified":"2024-06-11T15:40:08","modified_gmt":"2024-06-11T20:40:08","slug":"canada-uk-partner-in-joint-23andme-data-breach-investigation","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/06\/11\/canada-uk-partner-in-joint-23andme-data-breach-investigation\/","title":{"rendered":"Canada &amp; UK Partner in Joint 23andMe Data Breach Investigation"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blta8e4bbddd0938476\/6668b29fcfa9722dbfc88017\/23andMe%281800%29_michelmond_alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/canada-uk-partner-in-joint-23andme-data-breach-investigation.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/canada-uk-partner-in-joint-23andme-data-breach-investigation.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Authorities in Canada and the UK have launched a joint investigation into a<\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/23andme-files-credential-stuffing-attack-with-sec\" rel=\"noopener\"> 23andMe data breach<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> that occurred last October.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">That&#8217;s when a threat actor posted on the Dark Web claiming possession of 23andMe profile information, ultimately releasing roughly 4 million company records. 23andMe launched an investigation, discovering that the breach was a credential-stuffing attack that affected around 7 million people.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The discovery of the attack led the company to <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/01\/23andme-blames-negligent-breach-victims-says-its-their-own-fault\" rel=\"noopener\">blame the victims of the breach<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, saying they were negligent in reusing their passwords that had previously been exposed in past data breaches.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The joint investigation now seeks to protect the &#8220;fundamental right to privacy of individuals across jurisdictions,&#8221; as 23andMe is considered to be &#8220;a custodian of highly sensitive personal information&#8221; such as genetic history, health, ethnic background, and biological relationships.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The countries will investigate the scope of the breached information, whether 23andMe had safeguards in place to protect that sensitive information, and whether the notifications the company provided to the regulators was adequate.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;People need to trust that any organization handling their most sensitive personal information has the appropriate security and safeguards in place,&#8221; <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.priv.gc.ca\/en\/opc-news\/news-and-announcements\/2024\/an_240610b\/\" rel=\"noopener\">said UK&nbsp;Information Commissioner John Edwards<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">. &#8220;This data breach had an international impact, and we look forward to collaborating with our Canadian counterparts to ensure the personal information of people in the&nbsp;UK&nbsp;is protected.\u201d<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Edwards and Canadian Privacy Commissioner Philippe Dufresne will be jointly investigating the breach.<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/canada-and-uk-partner-in-joint-23andme-data-breach-investigation\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Authorities in Canada and the UK have launched a joint<\/p>\n","protected":false},"author":12,"featured_media":3989,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-3988","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/canada-uk-partner-in-joint-23andme-data-breach-investigation.jpg?fit=1800%2C1013&ssl=1",1800,1013,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/canada-uk-partner-in-joint-23andme-data-breach-investigation.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/canada-uk-partner-in-joint-23andme-data-breach-investigation.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/canada-uk-partner-in-joint-23andme-data-breach-investigation.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/canada-uk-partner-in-joint-23andme-data-breach-investigation.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/canada-uk-partner-in-joint-23andme-data-breach-investigation.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/canada-uk-partner-in-joint-23andme-data-breach-investigation.jpg?fit=1800%2C1013&ssl=1",1800,1013,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/canada-uk-partner-in-joint-23andme-data-breach-investigation.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/canada-uk-partner-in-joint-23andme-data-breach-investigation.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/canada-uk-partner-in-joint-23andme-data-breach-investigation.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/canada-uk-partner-in-joint-23andme-data-breach-investigation.jpg?fit=1800%2C1013&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3988","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=3988"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3988\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/3989"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=3988"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=3988"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=3988"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}