The genetic testing company 23andMe is facing financial struggles and a potential bankruptcy. This has raised concerns about what will happen to the DNA data of millions of customers. 23andMe was founded in 2006 and became one of the largest companies offering direct-to-consumer genetic testing.
Customers could order a saliva test kit online, provide a sample, and receive information about their health, ancestry, and other traits. The company grew rapidly as the price of testing dropped and expanded globally. However, 23andMe has faced setbacks in recent years.
In 2023, a data breach affected nearly seven million users, leading to a class-action lawsuit settlement. Several executives have resigned, and the company is reportedly on the brink of bankruptcy. The company’s chief executive, Anne Wojcicki, has assured customers that their privacy will be maintained.
However, if the company goes bankrupt or is sold, people’s genetic information could potentially be transferred to new owners. To protect their data, customers can delete their 23andMe account, which opts them out of future research and discards their saliva sample.
Options amid data breach concerns
However, data that has already been de-identified and used in research cannot be retrieved. Experts advise consumers to carefully consider the legal conditions and privacy policies of any company offering DNA tests. Guidelines from organizations can help consumers understand their rights.
The settlement of the class-action lawsuit related to the data breach could pay up to $10,000 to affected customers who can prove hardships such as identity fraud or mental health treatment. Residents of certain states may be eligible for additional payments due to specific genetic privacy laws. As 23andMe faces an uncertain future, customers are concerned about the security of their genetic data.
While the company has pledged to maintain its privacy policy, the potential for changes in ownership has raised questions about data protection. Cybersecurity experts advise 23andMe account holders to review the company’s privacy policies and consider deleting their data. Genetic privacy laws offer some protections, but the long-term implications of sharing genetic information with third parties remain a concern.
To delete their data, 23andMe customers can log in to their account, submit a request through Account Settings, and verify the confirmation email to begin the deletion process. However, data already shared for research purposes cannot be retracted. As awareness grows about the potential misuse of genetic information, consumers are urged to carefully consider the risks and implications of sharing their DNA with any third party.