23andMe bankruptcy puts 15 million Americans’ DNA data at risk
By isabelle // 2025-03-25
Copy
 
  • 23andMe filed for Chapter 11 bankruptcy, putting 15 million users' genetic data at risk of being sold.
  • The company operates outside federal health privacy laws, leaving millions of people's DNA vulnerable to exploitation by unknown buyers, which could potentially include China.
  • A 2023 data breach exposed 7 million users' genetic data, deepening privacy concerns.
  • CEO Anne Wojcicki resigned amid financial struggles and board disputes over her bid to buy the company.
  • Experts warn that genetic data could be weaponized for surveillance or discrimination with no legal protections in place.
23andMe, the genetic testing giant that convinced millions to hand over their saliva for ancestry insights, filed for Chapter 11 bankruptcy on Sunday, raising urgent questions about who will control the intimate genetic data of 15 million Americans. The company, which operates outside federal health privacy laws, now plans to sell itself, leaving customers’ sensitive DNA profiles vulnerable to exploitation by unknown buyers — including foreign adversaries like China. The bankruptcy filing in Missouri federal court follows years of financial struggles and a catastrophic 2023 data breach that exposed the genetic predispositions and ancestry reports of nearly 7 million users. Adding to the chaos, CEO Anne Wojcicki, who co-founded the company in 2006, resigned to pursue her own bid for 23andMe, despite repeated board rejections. With no HIPAA protections governing its trove of genetic data, the company’s fate hinges on its own malleable privacy policies, sparking fears that new owners could weaponize DNA information for profit or surveillance.

A regulatory black hole

Unlike hospitals or insurers, 23andMe exists in what is considered a legal gray zone. Its data practices are bound only by its self-written privacy policy, which explicitly warns that user information “may be accessed, sold or transferred” during bankruptcy or acquisitions. While the company claims it won’t share data with insurers or law enforcement without warrants, privacy experts warn such promises could vanish overnight under new ownership. “Folks have absolutely no say in where their data is going to go,” said Tazin Kahn of Cyber Collective, a privacy advocacy group. “How can we be so sure the downstream impact won’t be catastrophic?” The lack of federal oversight is glaring: HIPAA excludes genetic testing firms, and state laws vary wildly. Only a handful of states—like Montana and California—require explicit consent before DNA data is transferred. The stakes are existential. DNA isn’t like a credit card number; it can’t be reset. If hacked or sold to hostile entities, genetic data could expose individuals (and their relatives) to discrimination, blackmail, or even state-sponsored targeting. “This involves significant risks not only for the individual who submits their DNA, but for everyone to whom they are biologically related,” warned Emily Tucker of Georgetown’s Center on Privacy & Technology. The 2023 breach, which leaked Ashkenazi Jewish users’ data on dark web forums, proved how easily sensitive information can be leaked and spiral beyond control. Now, with 23andMe’s survival dependent on a sale, California Attorney General Rob Bonta is urging users to delete their data immediately. But even that process is fraught: The company admits some data may linger indefinitely for “compliance” reasons.

A wake-up call for genetic privacy

The 23andMe debacle underscores a disturbing reality: Americans’ most intimate data is a commodity, not a right. While the company insists it will safeguard information, its track record and the absence of legal safeguards offer little reassurance. For the 15 million who trusted the company with their DNA, the lesson is painfully clear: Once genetic information escapes into the wild, there’s no taking it back. In an era where data is power, handing your biology to a corporation isn’t just risky; it could be reckless. Sources for this article include: ReclaimTheNet.org FoxBusiness.com NBCNews.com
Copy