The genetic testing company 23andMe, once a pioneer in consumer DNA testing, has filed for Chapter 11 bankruptcy amid financial struggles, a leadership shakeup and growing concerns about the security of its customers’ genetic data. Let’s take a look at the implications of this development and some steps to safeguard your sensitive information.

Stay protected & informed! Get security alerts & expert tech tips – sign up for Kurt’s The CyberGuy Report now.

The fall of 23andMe: A timeline of challenges

23andMe’s journey from a $6 billion valuation in 2021 to bankruptcy in 2025 has been marked by significant hurdles.

• Data breach in 2023: A cyberattack compromised the genetic and personal data of nearly 7 million users, leading to lawsuits and reputational damage.
• Leadership reshuffle: CEO Anne Wojcicki resigned as part of the bankruptcy announcement, positioning herself as a potential buyer of the company.
• Financial decline: The company’s stock plummeted from over $300 per share to less than $1, reflecting its deteriorating financial health.
• Workforce reductions: In November 2024, 23andMe laid off 40% of its employees as part of restructuring efforts.
• Bankruptcy filing and sale process: On March 23, 2025, 23andMe initiated voluntary Chapter 11 proceedings in the U.S. Bankruptcy Court for the Eastern District of Missouri to facilitate a sale process aimed at maximizing the value of its business. The company intends to continue its normal operations throughout this process and has emphasized that there will be no changes to how customer data is stored, managed or protected.

Despite these challenges, the company has stated that its bankruptcy filing will not affect how it manages or protects customer data. However, concerns remain about the potential sale of its assets, including sensitive genetic information.

23andMe board seeks to maximize value through a court-supervised sale

“After a thorough evaluation of strategic alternatives, we have determined that a court-supervised sale process is the best path forward to maximize the value of the business,” said Mark Jensen, chair and member of the special committee of the board of directors of 23andMe. “We expect the court-supervised process will advance our efforts to address the operational and financial challenges we face, including further cost reductions and the resolution of legal and leasehold liabilities. We believe in the value of our people and our assets and hope that this process allows our mission of helping people access, understand and benefit from the human genome to live on for the benefit of customers and patients.”

Jensen continued, “We want to thank our employees for their dedication to 23andMe’s mission. We are committed to supporting them as we move through the process. In addition, we are committed to continuing to safeguard customer data and being transparent about the management of user data going forward, and data privacy will be an important consideration in any potential transaction.”

EMPLOYEE SCREENING DATA BREACH EXPOSES 3.3 MILLION RECORDS

What happens to your genetic data during bankruptcy?

When a company like 23andMe files for bankruptcy, its assets, including customer data, can become part of the sale process. While privacy laws in some states, such as California’s Genetic Information Privacy Act, require explicit consent before transferring genetic data to a new owner, the risk of misuse or unauthorized access remains.

23andMe has assured customers that any buyer will be required to comply with applicable privacy laws. However, genetic data is a valuable asset that could be exploited if not adequately safeguarded.

Additionally, only a week and a half ago, 23andMe updated their terms and conditions, which I’ve reviewed. They’ve added an important legal disclosure that could prevent an individual from filing a lawsuit with expectations of a court trial. Instead, unless you opt out by notifying 23andme within 30 days of first use, you are automatically bound to the new terms that force parties into an arbitration path for any legal remedies that could arise now or in the future.

I strongly urge you to protect your rights by emailing arbitrationoptout@23andme.com with a clear notification that you intend to opt out of arbitration. Make sure to use the email address associated with your 23andme account. That would be the first thing you should do in my next steps that you may wish to take to protect your rights and privacy now.

HOW TO PROTECT YOUR DATA FROM IRS SCAMMERS THIS TAX SEASON

Steps to protect your genetic data

If you’re a 23andMe user or considering using similar services, here are steps you can take to protect your sensitive information and safeguard your data from potential misuse or theft.

1) Opt out of arbitration: If you wish to retain your right to sue the company in case of future issues, opt out of arbitration agreements by emailing your notification to opt out of arbitration arbitrationoptout@23andme.com within 30 days of first use.

2) Review privacy preferences: Regularly check your privacy and data-sharing settings to ensure they align with your comfort level.

3) Limit research participation: Disable participation in research or product development initiatives if you’re concerned about how your data might be used.

4) Download and secure your data: Before considering account deletion, download your genetic record and store it securely on an encrypted device or cloud service.

5) Request data deletion: If you no longer wish for your data to be stored by 23andMe, request its deletion through your account settings. Ensure you also ask for the destruction of any physical samples.

6) Use strong passwords and multifactor authentication: Creating unique, complex passwords for each of your accounts and devices is essential. Avoid reusing passwords across multiple accounts; this kind of password reuse was a factor in the recent 23andMe data breach. Enable two-factor authentication wherever it’s offered to add an extra layer of security that helps prevent unauthorized access even if your password is compromised. Check out my best expert-reviewed password managers for 2025 here.

7) Monitor for suspicious activity and use identity theft protection: Genetic data leaks can lead to identity theft or medical fraud. Consider signing up for an identity theft protection service that monitors personal information, such as your Social Security number, phone number and email, alerting you if this data is found on the dark web. Some identity theft services also include up to $1 million in identity theft insurance to cover losses and legal fees and a dedicated fraud resolution team with a U.S.-based case manager to help you recover any stolen assets or identity. See my expert recommendations here: Best identity theft protection services for 2025 here.

TIDY UP YOUR TECH: SPRING CLEANING TIPS FOR SAFEGUARDING YOUR DATA

Kurt’s key takeaways

The bankruptcy of 23andMe serves as a cautionary tale about the risks associated with sharing sensitive genetic information. While the company has pledged to maintain its privacy standards during this turbulent period, consumers must remain vigilant. By taking control of your data now, whether through enhanced privacy settings or deletion, you can better protect yourself against potential misuse in uncertain times.

Do you think genetic testing companies are doing enough to protect your data in the face of financial instability and potential bankruptcy? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Alert: Malware steals bank cards and passwords from millions of devices.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.