23andMe Bankruptcy and Your DNA: The Complete Guide to Genetic Data Privacy

You spit in a tube, mailed it off, and learned that you are 3% Neanderthal. Fun, right? Except now the company that holds your most intimate biological data — 23andMe — has filed for bankruptcy. And your DNA might be on the auction block.

In March 2025, 23andMe filed for Chapter 11 bankruptcy protection. The company's database of approximately 15 million users' genetic profiles is now considered a corporate asset — one that could be sold to the highest bidder. This is not a hypothetical privacy risk. It is happening right now.

Why DNA Data Is Unlike Any Other Personal Information

You can change a leaked password. You can cancel a compromised credit card. You cannot change your DNA. Ever.

Regular Personal Data	Genetic Data
Can be changed or reset	Permanent and immutable
Affects only you	Exposes your entire family
Limited scope of damage	Reveals disease risk, ancestry, drug response
Well-established legal protections	Regulatory gaps remain

Your Family Didn't Consent

When you submit your DNA, you are also partially exposing your parents, siblings, and children. The "DNA Relatives" feature has revealed unknown half-siblings and family secrets. Your decision affects people who never signed up.

The 23andMe Timeline of Collapse

1. October 2023: Hackers accessed profile information on 6.9 million users through credential stuffing
2. 2024: Stock price collapsed, massive layoffs, board members resigned
3. March 2025: Chapter 11 bankruptcy filing
4. Ongoing: Genetic database up for sale as a corporate asset

The Core Problem

Under bankruptcy law, customer data is classified as an asset. Pharmaceutical companies, insurance firms, data brokers, or even foreign entities could potentially purchase your genetic blueprint. California's Attorney General urged users to delete their data, but enforcement options are limited.

What Could Go Wrong With Your DNA Data

• Insurance discrimination: Denied coverage based on genetic predisposition to disease
• Employment bias: Passed over for jobs due to genetic health markers
• Targeted exploitation: Predatory marketing based on your health vulnerabilities
• Law enforcement overreach: Your DNA used to implicate family members in investigations
• Identity synthesis: Biometric data combined with other stolen information for fraud

How to Delete Your 23andMe Data Right Now

Step-by-Step Deletion

1. Log into your 23andMe account
2. Go to Settings → 23andMe Data
3. Scroll to Delete Data
4. Confirm deletion (this destroys your sample and data)
5. Note: deletion may take up to 30 days

Important Caveats

• Data already shared with research partners may not be retrievable
• If you used "DNA Relatives," matches you found may have saved screenshots
• Anonymized data in aggregate research datasets cannot be deleted

Before You Take Any DNA Test: A Checklist

• Read the privacy policy — specifically the data retention and third-party sharing sections
• Check what happens to your data if the company is sold or goes bankrupt
• Verify whether research participation consent is separate from the core service
• Confirm the data deletion process before you submit your sample
• Discuss with family members who will be indirectly affected

The Regulatory Landscape

Current Protections (and Their Limits)

Law	What It Covers	What It Misses
GINA (US)	Bans genetic discrimination in employment and health insurance	Does not cover life, disability, or long-term care insurance
HIPAA (US)	Protects health data held by healthcare providers	DTC testing companies are not covered entities
GDPR (EU)	Classifies genetic data as special category	Enforcement varies across member states
State Laws (CA, IL)	Additional consumer protections	Patchwork of inconsistent rules

What Needs to Change

Genetic data needs its own legal framework — one that treats DNA as what it is: irrevocable, familial, and uniquely sensitive. Current laws were not written for an era when a bankrupt startup can auction off millions of people's genetic code.

How to Safely Share Sensitive Health Information

There are legitimate reasons to share genetic test results — with your doctor, a genetic counselor, or family members. But sending screenshots through iMessage or Messenger leaves permanent copies on multiple devices and servers.

When you need to share sensitive medical or genetic information, use an encrypted, password-protected channel. LOCK.PUB lets you create secure, password-protected links for sharing sensitive documents that only the intended recipient can access.

Looking Ahead

The 23andMe bankruptcy is a warning shot for the entire DTC genetic testing industry. Companies like AncestryDNA, MyHeritage, and others hold similarly massive databases. Any of them could face financial difficulties, acquisitions, or data breaches.

What You Should Do Today

1. Inventory every DNA testing service you have ever used
2. Request data deletion from services you no longer need
3. Withdraw research participation consent where possible
4. Download your raw data file before deleting (store it encrypted locally)
5. Warn family members about the shared nature of genetic data
6. Use tools like LOCK.PUB when sharing any health information digitally

---

Your DNA is the most personal data that exists. The 23andMe bankruptcy proves that no company can be trusted to guard it forever. Take control of your genetic privacy today — before someone else takes it from you.