California’s Attorney General warns 15 million 23andMe customers to delete their genetic data as the company files for bankruptcy, raising serious privacy concerns about what happens to sensitive DNA information when biotech firms fail.
Key Takeaways
- California Attorney General Rob Bonta has issued a consumer alert advising 23andMe customers to delete their genetic data due to the company’s financial instability and bankruptcy filing.
- 23andMe’s market value has plummeted from $6 billion in 2020 to current shares trading at less than $2, down from over $320 in February 2021.
- The company recently experienced a major data breach affecting 6.9 million customers and settled related lawsuits for $30 million.
- California’s Genetic Information Privacy Act gives consumers the right to have their genetic data permanently deleted.
- 23andMe’s privacy policy allows for the transfer of personal information if the company is sold, creating uncertainty about future data handling.
Financial Collapse Threatens Customer Privacy
Once valued at $6 billion in 2020, genetic testing company 23andMe has filed for Chapter 11 bankruptcy protection amid a catastrophic financial decline. The company’s shares, which traded for over $320 in February 2021, now sit at less than $2 per share. This dramatic collapse prompted California Attorney General Rob Bonta to issue an unprecedented warning to the company’s 15 million customers who have shared their most personal biological information—their DNA—with the struggling firm. The bankruptcy filing is designed to facilitate the sale of the company, creating uncertainty about who might eventually control this treasure trove of genetic data.
The financial troubles follow several strategic missteps, including an unsuccessful expansion into drug development that has since been shuttered. Last November, the company laid off 40% of its workforce in a desperate attempt to cut costs. Adding to these woes, co-founder and CEO Anne Wojcicki recently resigned, though she has stated her intention to pursue acquiring the company as an independent bidder. In the interim, CFO Joe Selsavage will serve as CEO while the company operates with $35 million in emergency financing during bankruptcy proceedings.
23 and Me is going bankrupt. Better delete your data if you used the service. https://t.co/N6yB0Sl3Zb
— Andrew G. Huff, PhD, MS 🇺🇸 (@AGHuff) March 24, 2025
Data Breach Amplifies Security Concerns
Security concerns heightened significantly last year when 23andMe suffered a major data breach affecting 6.9 million users—nearly half of its customer base. This breach further damaged the company’s reputation and resulted in a $30 million settlement. The incident revealed the vulnerability of highly sensitive genetic information that can reveal predispositions to diseases, ancestry details, and biological relationships. The company has listed assets and liabilities between $100 million and $500 million in its bankruptcy filing, raising questions about its ability to maintain robust security protocols.
“Given 23andMe’s reported financial distress, I remind Californians to consider invoking their rights and directing 23andMe to delete their data and destroy any samples of genetic material held by the company,” Bonta said in a statement Friday.
Privacy experts warn that genetic data breaches pose extraordinary risks compared to typical data compromises. Unlike credit card information that can be changed after theft, genetic information is permanent and immutable. This data could potentially be misused for discrimination in insurance coverage, employment decisions, or other contexts where genetic predispositions might influence decisions. Furthermore, the company holds genetic information not only of its direct customers but potentially millions of their biological relatives as well.
California Law Offers Protection
California residents have significant legal protections under the state’s pioneering privacy laws. The California Genetic Information Privacy Act and California Consumer Protection Act specifically require companies to obtain explicit consent for the collection and use of genetic data and grant consumers the right to have their information permanently deleted. Attorney General Bonta’s consumer alert emphasizes these rights as crucial protections during the company’s uncertain future.
For concerned customers, the deletion process is straightforward but requires several steps. Users must log into their 23andMe account, access the settings menu, navigate to the data section, select “view,” and then choose “permanently delete data.” The company requires email verification to complete this process. While 23andMe maintains that there are currently no changes to how customer data is stored or protected, privacy advocates suggest acting promptly given the uncertain fate of the company and its valuable genetic database.
