23andMe Goes Bankrupt Following Disastrous Data Breach

23andMe, a leading human genetics and biotechnology company, has announced that it has initiated voluntary Chapter 11 proceedings in the US Bankruptcy Court for the Eastern District of Missouri.

The company’s aim is to enable a sale process and to maximise the value of its business. As a consequence, millions of people will find that their DNA data is put up for sale.

The company intends to continue operating its business in the ordinary way throughout the sale process. There are no changes to the way the company stores, manages, or protects customer data and it monitored a surge in DNA testing a couple of years ago. If you've ever used the service, this means that your data could be on the table for sale.

Founded in 2006, 23andMe has steadily amassed a database of millions of people’s fundamental genetic information under the promise of helping them understand their disposition to diseases and potentially connecting with relatives. In 2023 the company suffered a disastrous event when hackers gained access to the private data of 6.9 million users. The stolen data included the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives and ancestry reports.

The subsequent mishandling of the breach by the company prompted a backlash from customers and investors, likely contributing to its financial failure. Now, the company’s bankruptcy filing means that customer information is poised to be sold, causing serious concerns amongst privacy experts and advocates.

23andMe's privacy statement, which all customers must accept to use the service, contains provisions that it may sell your personal information if it is ever involved in bankruptcy proceedings. The California Department of Justice Attorney General has issued an urgent customer alert, outlining some of the actions customers can take to protect their data before 23andMe sells it off to the highest bidder.

Customers can delete their account and personal information on 23andMe's website, specifically in the Settings section of their profile. Before you do, you can also download a copy of your data for your personal storage, before selecting "Delete Data" in the 23andMe Data section.

Customers who previously opted to have their saliva and DNA stored by 23andMe can also change this preference and get it destroyed by the company in the Preferences section. They can also revoke permission for their genetic data to be used for research in the Research and Product Consents section of the account settings page.

Deleting your account should ensure that your personal data, genetic data included, gets deleted. However, there are some problems.

23andMe has insisted that any new owner would have to comply with existing laws around the sale and use of consumer genetic data, but the reality in the US is that only a handful of states legally protect this type of personal information. The steps above are primarily targeted at California consumers, but everyone who has ever used 23andMe can access these settings and should be able to carry out at least some of the steps to protect their data.

The main thing you should do to protect your genetic privacy is to delete your account.

There is, however, one problem: the company says it will have to retain some information in its archives even if you delete your account. “23andMe and/or our contracted genotyping laboratory will retain your Genetic Information, date of birth, and sex as required for compliance with applicable legal obligations … even if you chose to delete your account,” the company’s privacy policy reads.

23andMe | Techradar | Telegraph | California Attorney General | NBC | Guardian

Image: Ideogram
