The Register: 23andMe hit with £2.3M fine after exposing genetic data of millions

Source URL: https://www.theregister.com/2025/06/17/23andme_ico_fine/
Source: The Register
Title: 23andMe hit with £2.3M fine after exposing genetic data of millions

Feedly Summary: Penalty follows year-long probe into flaws that allowed attack to affect so many
The UK’s data watchdog is fining beleaguered DNA testing outfit 23andMe £2.31 million ($3.13 million) over its 2023 mega breach.…

Summary: The UK’s data regulator is fining 23andMe £2.31 million ($3.13 million) over a data breach that occurred in 2023. The incident underscores ongoing challenges in data security and compliance in the biotechnology sector and the need for robust data protection measures.

Detailed Description: The article covers an enforcement action taken by the UK’s Information Commissioner’s Office (ICO) against 23andMe, a personal genomics and biotechnology company. The company has been fined £2.31 million ($3.13 million) following a year-long investigation into vulnerabilities that led to a major data breach. The case raises several points relevant to professionals working in security, privacy, and compliance:

- **Regulatory Action**: The ICO’s involvement highlights the increasing scrutiny regulatory bodies are applying to ensure compliance with data protection laws such as the UK GDPR.
- **Financial Penalties**: The penalty reflects the severity of the breach and serves as a warning to other firms in sensitive industries regarding the financial repercussions of failing to protect personal data.
- **Impact of Breaches**: This breach not only affects the company’s financial standing but also damages trust with consumers, which is critical for companies managing sensitive health-related data.
- **Data Security Practices**: The incident signifies the necessity for organizations, especially in the biotech domain, to enhance their cybersecurity practices to safeguard against vulnerabilities that can lead to data breaches.
- **Compliance and Governance**: The case reinforces the importance of maintaining compliance frameworks that meet regulatory expectations, thereby positioning organizations to effectively respond to potential data security incidents.

For security and compliance professionals, the incident is a reminder of the vulnerabilities that exist in personal data management and of the need to adopt proactive security measures that reduce the risk of data breaches.