TechCrunch reports that the Office of the Privacy Commissioner of Canada and the UK's Information Commissioner's Office have partnered to conduct a joint probe into last year's massive data breach at 23andMe, which resulted in the compromise of sensitive information belonging to 6.9 million users.
Aside from investigating the extent of data exposure and possible harm to impacted individuals, both the OPC and ICO will also be looking into the U.S. genetic testing provider's implementation of data security protections, as well as the timeliness of breach notifications to regulators.
"This data breach had an international impact, and we look forward to collaborating with our Canadian counterparts to ensure the personal information of people in the UK is protected," said ICO Commissioner John Edwards.
Meanwhile, 23andMe has already committed to collaborate in the joint probe.
"We intend to cooperate with these regulators’ reasonable requests relating to the credential stuffing attack discovered in October 2023," said 23andMe spokesperson Andy Kill.