In the summer of 2023, the U.S.-based company 23andMe was the victim of a major hacking attack. Working in genomics and biotechnology, the company has, over the years, become an inexhaustible source of sensitive data on billions of users, including medical and family information such as hereditary health conditions and family trees. The breach was made possible by a common weakness: users had not changed their passwords after their credentials were stolen by third parties.
23andMe found out about the breach because of a post on Reddit. An employee at the time learned what had happened from an attempt to sell the stolen data on that platform, which points to the company's complete lack of protection and control over the safeguarding of information.
Two years after the incident, 23andMe was officially fined more than £2.3 million by the British authorities due to its failure to protect the personal information of more than 150,000 UK citizens.