When Data Gets Personal: The 23andMe Breach

On June 5, 2025, the UK’s Information Commissioner’s Office, or ICO, issued a £2.3 million fine—about $3.1 million U.S.—against California-based genetic testing company 23andMe. The reason? A serious data breach that exposed the sensitive personal data of 150,000 UK individuals.

Let’s unpack what happened—and why it matters far beyond the biotech sector.

Read the full article: The ICO’s Penalty Against 23andMe Brings New Emphasis on Cybersecurity Risks – Key Takeaways for U.S. Companies

About the authors

• Caroline Churchill
• Jenny Gibbs
• Tara N. Cho, CIPP/US, CIPP/E
• Drew Wilson, CIPP/US