DNA
Genetics
23andMe files Ch.11 bankruptcy, asset sale risks 15M users' DNA data. Urgent pri...
23andMe, the pioneering genetic testing company that brought DNA analysis to millions of living rooms, filed for Chapter 11 bankruptcy protection on Sunday, capping years of financial turbulence. The move triggers a high-stakes auction of its assets—including one of the world’s largest troves of consumer genetic data—raising urgent questions about the fate of sensitive health and ancestry information belonging to 15 million users.
### **What Chapter 11 Means for Your DNA**
Chapter 11 bankruptcy allows companies to restructure debts while continuing operations, but 23andMe’s decision to sell its assets complicates the process. Under U.S. law, customer data is classified as a corporate asset unless explicitly protected. While 23andMe claims genetic information will remain secure, privacy experts warn that new owners could exploit loopholes to monetize or mishandle data.
The company [rejected](https://investors.23andme.com/news-releases/news-release-details/23andme-initiates-voluntary-chapter-11-process-maximize) a bid from co-founder and outgoing CEO Anne Wojcicki, who resigned to participate as an independent bidder. _“The board determined a competitive auction maximizes value for stakeholders,”_ said Chair Mark Jensen in a statement.
### **A History of Breaches and Broken Trust**
The bankruptcy filing follows a catastrophic year for 23andMe’s reputation. In 2023, hackers accessed 6.4 million user profiles via credential-stuffing attacks, stealing ancestry reports, health predispositions, and family tree links. The breach exposed raw genotype data—a digital blueprint of users’ DNA—which cybersecurity firm HackMitigation called “a goldmine for foreign actors or insurance fraud.”
**Samantha Cole, a 32-year-old breach victim**, told, _“I trusted them with my most personal information. Now I’m terrified it could end up in the hands of some hedge fund or worse.”_
23andMe settled a class-action lawsuit for $30 million in September 2024 but faces ongoing scrutiny. Critics slammed the company for quietly amending its Terms of Use post-breach to force disputes into arbitration, a move Consumer Advocacy Group CEO Laura Chen called _“a betrayal of users’ rights.” _
### **Regulators Sound the Alarm**
**California Attorney General Rob Bonta** issued an urgent consumer alert Monday, urging users to delete data and revoke research permissions. _“Your DNA isn’t just yours—it’s your family’s. Take action now,”_ the alert stated, providing step-by-step deletion instructions (*see graphic*).
**In the UK**, the Information Commissioner’s Office (ICO) warned that GDPR rules still bind 23andMe, requiring _“explicit consent”_ for data transfers. _“Genetic information is uniquely identifiable and immutable. Its exposure could have lifelong consequences,”_ said ICO Deputy Commissioner Stephen Bonner.
### **How to Protect Your Data**
1. **Delete Your Profile**:
- Log into 23andMe → Settings → *Permanently Delete Data* → Confirm via email.
- **Note**: Deletion may take 30 days.
2. **Destroy Your Sample**:
- Email requests@23andme.com to demand destruction of stored saliva samples.
3. **Opt Out of Research**:
- Navigate to *Privacy Preferences* → Toggle off “Consent to Research.”
*[Infographic Suggestion: Embed a visual guide to data deletion with screenshots.]*
### **Who Owns Your Genes?**
The crisis spotlights a gap in U.S. biometric privacy laws. Unlike the EU’s GDPR, which treats genetic data as “sensitive” and restricts its sale, U.S. regulations lack explicit safeguards for DNA.
_“This isn’t a spreadsheet leak—this is your biological code,”_ said Dr. Alicia Torres, a bioethicist at MIT. _“Companies treat DNA like a commodity, but morally, it should belong solely to the individual.”_
