Find notable cyber news and cases, enriched with sources, timelines, and signals.

23AndMe multistate genetic-data settlement and ICO fine

Regulatory/Legal Action
First reported
Last updated
Happening score
H score 55
1 unique sources, 1 articles

Summary

Hide ▲

23andMe agreed to pay $18 million to settle multistate claims over its failure to protect customers' genetic data, extending the legal fallout from the 2023 breach. Regulators said the company lacked basic safeguards such as multifactor authentication, password blocklisting, rate limiting, intrusion prevention, and breach-detection monitoring. The settlement also adds new security requirements, including a data security advisory board and risk analysis protocols. A separate UK ICO fine of £2.31 million adds further regulatory pressure over the same security failures.

Related Happenings

23AndMe hit by network compromise

Incident
H score73 First: 16.07.2026 16:47 Last: 16.07.2026 16:47 Sources 1

How related: 23andMe disclosed a massive data breach in October 2023, following credential-stuffing attacks that went unnoticed for five months, from April 2023 to September 2023.

About this happening: 23andMe disclosed a credential-stuffing breach that exposed data on 6.9 million customers, including genetic ancestry information. The unauthorized access ran from A...

NHS awareness campaign and guidance on unauthorized patient-data access

Public Sector Action
H score8 First: 10.07.2026 12:00 Last: 10.07.2026 12:00 Sources 1

About this happening: The NHS launched a new awareness-raising campaign and guidance to curb unauthorized access to patient data across staff and healthcare organizations. The initi...

ICO formal caution in Princess of Wales records case

Regulatory/Legal Action
H score28 First: 18.06.2026 17:45 Last: 18.06.2026 17:45 Sources 1

About this happening: The ICO issued a formal caution to a former London healthcare professional under section 170(5) after reviewing prosecution criteria in a case involving the Prin...

ICO releases five-step AI cyber guidance

Public Sector Action
H score18 First: 14.05.2026 12:00 Last: 14.05.2026 12:00 Sources 1

About this happening: The UK Information Commissioner’s Office (ICO) released a five-step guide urging organizations to prepare for AI-powered cyber threats, making it clear that stronger r...

ICO fine against South Staffordshire Water for data breach

Regulatory/Legal Action
H score69 First: 12.05.2026 11:30 Last: 12.05.2026 11:30 Sources 1

About this happening: The ICO finalized a nearly £1m penalty against South Staffordshire Water and South Staffordshire PLC, resolving a cyber enforcement action tied to a breach that ex...

Timeline

  1. 16.07.2026 16:47 2 articles · 1h ago

    23andMe agrees to $18 million multistate settlement over genetic data protections

    Legal Policy Action Update

    23andMe agrees to pay $18 million to settle claims from a coalition of 43 attorneys general over failure to protect customers' genetic data, after the 2023 breach exposed data on 6.9 million customers and investigators cited missing multifactor authentication, password blocklisting, rate limiting, intrusion prevention, and breach-detection monitoring. The settlement also adds a data security advisory board, risk analysis protocols, and continued consumer rights to delete their data.

    Show sources