Tech startup 23andMe, which holds the genetic data of over 15 million customers, has recently faced significant challenges, including a data breach and bankruptcy filings, raising concerns among users regarding the safety of their personal information.
In October 2023, CEO Anne Wojcicki announced her resignation as the company filed for bankruptcy. The move came after the company’s board of directors disbanded six months earlier, citing differences over strategic direction.
23andMe is known for providing genetic testing services for medical and genealogical purposes, having amassed DNA data from more than 15 million customers. Despite initial expectations of becoming one of the world’s most valuable tech unicorns, the company has not reported any profits since going public in 2021.
Following data theft incidents and various class action lawsuits, customers are increasingly anxious about the fate of their data. Many are considering deleting their information from 23andMe to mitigate potential risks. Concerns have intensified after it was revealed that hackers put a significant amount of user data up for sale on the Dark Web in October 2023, including sensitive details like names and birth dates. By December, it was confirmed that the genealogical data of nearly 7 million users had been accessed, with around 14,000 accounts directly compromised.
It was reported that 23andMe took five months to identify the breach, which has led to a lawsuit estimated at $30 million. Following this turmoil, independent directors on the board also resigned.
To address its financial struggles, 23andMe’s executives are exploring options to sell the company, which raises the possibility that user data could be included in such a sale. This development has sparked significant controversy, with many users expressing strong opposition to the idea of their genetic data being treated as a commercial asset.
James Hazel, a biomedical researcher, highlighted the challenges of controlling data once it becomes public. Digital privacy advocates, such as the director of cybersecurity at the Electronic Frontier Foundation, have urged users to consider deleting their data from the platform. Their message reached a wide audience, garnering over 531,000 views within three days.
23andMe collects various types of personal information, including registration details, genetic information, saliva samples, and self-reported data. While the company states it does not share this data with employers, insurance companies, law enforcement, or public databases, user concerns persist as the company’s future remains unclear.
Users also have the option to opt out of “23andMe Data” in their health records, but the company notes that it is legally required to retain certain information even if a user chooses to delete their account. Their privacy statement confirms that genetic information, along with date of birth and gender, must be retained for legal compliance.
Experts have indicated that the issues facing 23andMe serve as a critical reminder to both users and regulators about the implications of collecting and storing sensitive data such as DNA. While genetic data holds significant potential in the medical field, unauthorized access poses irreversible risks. Once sensitive information is compromised, it can lead to unpredictable consequences for those affected.