23andMe's Collapse Sparks Data Privacy Warnings from Cybersecurity Experts

By Madelaine Panganiban

Updated: Mar 26 2025, 04:45 AM EDT

23andMe’s Collapse Sparks Data Privacy Warnings from Cybersecurity Experts — A sign is posted in front of the 23andMe headquarters on February 01, 2024 in Sunnyvale, California. Genetic testing company 23andMe, once valued at $6 billion, is facing the possibility of delisting from NASDAQ as the company navigates numerous class action lawsuits Justin Sullivan/Getty Images/Getty Images

23andMe's recent bankruptcy filing has sparked growing concerns among cybersecurity experts and consumers about the safety of sensitive genetic data.

With the company seeking a new owner, many are questioning what will happen to the personal information of over 15 million users.

The genetic testing firm, known for its ancestry and health risk reports, filed for Chapter 11 bankruptcy on Sunday.

The move comes amid declining demand for its services and financial struggles. New York Attorney General Letitia James has urged customers to take precautions, highlighting the risks of personal data falling into the wrong hands.

According to Reuters, Cybersecurity professionals warn that genetic data is unique and highly sensitive. "Genetic data isn't just another piece of personal information—it's a blueprint of your entire biological profile," said Adrianus Warmenhoven, a cybersecurity expert at NordVPN.

"When a company like 23andMe collapses, its data becomes a valuable asset that could be sold or misused."

Although 23andMe insists that its privacy policies remain unchanged, concerns persist. The company stated, "The bankruptcy process does not impact how we store, manage, or protect customer data."

However, experts argue that bankruptcies can create vulnerabilities, including the risk of data breaches and misuse by potential buyers.

Amid 23andMe's Chapter 11 bankruptcy, urgent concerns rise over the fate of sensitive genetic data. How can users protect themselves?

Learn more: https://t.co/KRphtmqRtO #GeneticPrivacy #DataSecurity #23andMe #CyberSecurity #DataProtection #PrivacyRights pic.twitter.com/cHRwnSkbM0
— Nex Secura (@nexsecura) March 26, 2025

Users Rush to Delete Data as 23andMe Faces Uncertain Future

The company's history with data security issues has only amplified fears. In 2023, a cyberattack exposed the genetic information of nearly seven million users.

The breach led to a $30 million settlement after affected customers sued the company for failing to safeguard their data. Some fear that with fewer employees managing security during bankruptcy, the chances of another breach may increase,AP News said.

Many users have started deleting their accounts, with social media flooded with guides on how to remove personal data from the platform.

California Attorney General Rob Bonta has also reminded users of their rights, stating, "Consumers have the right to delete their data, and they should consider doing so given 23andMe's financial distress."

Despite concerns, 23andMe assures users that data will remain protected under its current privacy policy unless customers are notified otherwise. "Any buyer will be required to comply with applicable laws regarding customer data," the company stated on its website.

However, with no federal privacy law in place in the US, protections vary by state, leaving many uneasy about their information's future.

Experts stress that once genetic data is compromised, there's no way to change it. Unlike passwords or email addresses, DNA is permanent.

David Choffnes, a professor at Northeastern University, explained, "If your email is hacked, you can create a new one. If your genetic data is leaked, there's nothing you can do to replace it."