Connect with us

Published

on

Signage at 23andMe headquarters in Sunnyvale, California, U.S., on Wednesday, Jan. 27, 2021.

David Paul Morris | Bloomberg | Getty Images

DNA testing has become a valuable tool for hobbyists and novice genealogists. For some, learning they are the 10th cousin of Paul Revere or the 15th great nephew four times removed of the last King of Prussia is worth the perceived risk of sharing a DNA sample. But what happens when the company harvesting the DNA goes bankrupt? 

That was the question posed to millions of Americans last week when 23andMe, the company that popularized consumer genetic testing and had early backing from Google, filed for bankruptcy, leading to a wave of calls for Americans to delete their DNA from the company’s database.

While it’s not 100 percent clear if the “delete your DNA” calls were warranted, privacy experts are alarmed, and Americans who had taken the genetic test took the advice to heart.

According to data from online traffic analysis company Similarweb, on March 24, the day of the bankruptcy announcement, 23andMe received 1.5 million visits to its website, a 526% increase from one day prior. According to Similarweb, 376,000 visits were made to help pages specifically related to deleting data, and 30,000 were made to the customer care page for account closure. The next day, that figure rose to 1.7 million visits, and rraffic to the delete data help page about 480,000.

Margaret Hu, professor of law and director of the Digital Democracy Lab at William & Mary Law School, thinks Americans made the right move. “This development is a disaster for data privacy,” said Hu. In her view, the 23andMe bankruptcy should serve as a warning as to why the federal government needs strong data protection laws.

In some states, Hu noted, the government is taking an active role in counseling consumers. The California Attorney General’s Office is urging Californians to delete their data and have 23andMe destroy saliva samples. But Hu says that is not enough, and such guidance should be provided to all U.S. citizens.

The potential national security implications of 23andMe’s data falling into the wrong hands are not new. In fact, the Pentagon had previously warned military personnel that these DNA kits could pose a risk to national security.

Exposing DNA collected from consumers is not a new issue for 23andMe, either. In 2023, almost 7 million people who took the genetic test were already exposed in a major 23andMe data breach. The company signed an agreement that involved a $30 million settlement and a promise of three years’ worth of security monitoring.

But Hu says the bankruptcy does make the company, and its data, especially vulnerable now.

Drug research and genetic testing data

One of the things notable about the consumer mindset in the early years of the popularization of genetic testing was that a majority of users opted into sharing their DNA for research purposes, as much as 80% in the years when 23andMe was growing rapidly. Then, as the market for consumer sale of the popular DNA test kits reached saturation sooner than many expected, 23andMe focused more on research and development partnerships with drug companies as a way to diversify its revenue.

Currently, when 23andMe sells genetic data to other research companies, most is used at an aggregate level, as part of millions of data points being analyzed as a whole. The company also strips out identifying data from the genetic data, and no registration information (like a name or email) is included. Data researchers do need, such as date of birth, is stored separately from genetic data, and shared with randomly assigned IDs.

Hu is among the experts concerned these practices could change under 23andMe or any new buyer. “In a time of financial vulnerability, companies such as pharmaceutical companies might see an opportunity to exploit the research benefits of the genetic data,” Hu said, adding that they might try to renegotiate prior contracts to extract more data from the company. “Will the next company that buys 23andMe do that?,” Hu said of its privacy policies.

In recent days, 23andMe has said it will try to find a buyer who shares its privacy values.

23andMe did not respond to a request for comment.

Anne Wojcicki, 23andMe Co-Founder & CEO pushes the button, remotely ringing the NASDAQ opening bell at the headquarters of DNA tech company 23andMe in Sunnyvale, California, U.S., June 17, 2021.

Peter DaSilva | Reuters

Over the years since 23andMe’s founding in 2006, many customers were willing to send in a swab to learn more about their family history. Lansing, Michigan resident Elaine Brockhaus, 70, and her family were excited to learn more about their lineage when they submitted samples of their DNA to 23andMe. But with the company now teetering in bankruptcy and privacy experts concerned about what happens to the millions of people with DNA samples stored, Brockhaus says the whole thing has “caused a bit of a ruckus in my family.”  

“We enjoyed some aspects of 23&Me,” Brockhaus said. “They continually refined and updated our heritage as more people joined, and they were better able to pinpoint genetically related groups,” Brockhaus said. She was able to learn more about health risk factors that were present or not present in her past.

Now, her family has come full circle in the 23andMe experience: some members were initially reluctant to go along, and now, Brockhaus says, everyone has deleted their accounts.

A unique company collapse, but everyday cyber risks

But Brockhaus continues to view 23andMe within a larger consumer health market where the risks are not new, and health information is being shared in all sorts of environments where security issues could arise. “Anyone sending ColoGuard or receiving medical results through the mail is taking a risk of exposure,” Brockhaus said. “Our very identities can be stolen with a few keystrokes. Of course, this does not mean that we should throw up our hands and agree to be victims, but unless we want to dig holes out back and live in them we have to be vigilant, proactive, but not panicked,” she added.

Jon Clay, vice president of threat intelligence at cybersecurity firm Trend Micro, says consumers of 23andMe do need to view the bankruptcy as a threat. In any sale process, if the data is not transferred and guarded in the most secure manner possible, “it is at risk of being used by malicious actors for a number of nefarious purposes,” he said.

Clay thinks 23andMe’s data is incredibly valuable to cybercriminals — not just because it’s permanent and personally identifiable, but also because it can be exploited for identity theft, blackmail, or even medical fraud.

“Cybercriminals can use it to target consumers with convincing scams and social engineering tactics, such as fraudulently claiming someone is a blood relative to another person or to send deceptive messages about their potential health risks,” Clay said. “Organizations who go bankrupt should ensure the security and privacy of their customer’s data is critical, and any sharing or selling of data to others should not be done,” he added.

But other experts say the lesson of 23andMe is less about the company’s collapse and the threat to privacy that created than serving as a reminder about the everyday cyber hazards related to personal information.

“When people start talking about personal data, they forget where their data is already sitting,” says Rob Lee, chief of research and head of faculty at SANS Institute, which specializes in helping businesses with information security and cyber issues. Whether it’s sending a blood sample into a private lab or getting rid of a laptop to upgrade to a new one, “your digital footprints are being left out there for people to find,” Lee said. “People don’t understand the scope, so there is a larger discussion out there, specifically around where does data go?”

With DNA information, there are certain basic legal factors people should weigh before swabbing themselves and sending the sample in.

According to Lynn Sessions, an expert on healthcare privacy and digital assets and partner at the law firm BakerHostetler, the federal law that covers patient information privacy, HIPAA, does not apply to this situation, and 23andMe would not be considered a HIPAA-covered entity, or business associate of one. But there are state laws that apply to genetic information that would be in play, such as in California.

Meredith Schnur, a managing director and cybersecurity leader at insurance company Marsh, thinks the risk from 23andMe’s bankruptcy for people who sent in their swabs is relatively low. “It doesn’t cause any additional consternation or heartburn,” Schnur said. “I just don’t think it opens up any additional risk that doesn’t already exist,” she said, adding that many people’s information is “already out there.”

Last week, a 23andMe co-founder, Linda Avey, blasted the company’s leadership. “Without continued consumer-focused product development, and without governance, 23andMe lost its way, and society missed a key opportunity in furthering the idea of personalized health,” Avey wrote in a social media post. “There are many cautionary tales buried in the 23andMe story,” Avey said.

The bankruptcy itself is the issue that is now hard for consumers to ignore, and until the sale process is completed, the questions will remain.

“When you’re in bankruptcy, data privacy values are not what you’re really thinking about. You’re thinking about selling your company to the highest bidder,” Hu said. That highest bidder, Hu says might take the genetic data and consumer profile data and link them together when selling it to others.

And that initial sale which includes the DNA of millions of people may only be the first of many transactions.

“It might sell it off, piece by piece, indiscriminately. And the buyer of that data might be a foreign adversary,” Hu said. “That is why this is not just a data privacy disaster. It’s also a national security disaster.”

We don't know who could buy 23andMe data and how it could be used against us, says Theresa Payton

Continue Reading

Technology

Etsy shares pop on revenue beat as company says it’s ‘staying nimble’ to tariff uncertainty

Published

on

By

Etsy shares pop on revenue beat as company says it's 'staying nimble' to tariff uncertainty

Gabby Jones | Bloomberg | Getty Images

Etsy shares jumped in premarket trading on Wednesday after the company posted better-than-expected revenue for the first quarter.

Here’s how the company did:

  • Revenue: $651.2 million vs. $643 million, according to LSEG
  • Loss: Loss per share of 49 cents

The e-commerce company reported a net loss of $52.1 million, or 49 cents per share, due to Etsy taking a $101.7 million impairment charge from the sale of Reverb. Etsy said earlier this month it will sell off the musical instrument marketplace it acquired in 2019 to focus on its core marketplace and Depop, the secondhand marketplace it bought in 2021.

Etsy operates an online marketplace that connects buyers and sellers with mostly handcrafted goods. Like many other retailers, the company is digesting the impact of President Donald Trump’s sweeping tariffs, though CEO Josh Silverman said in February that the company is “vastly less” dependent on products from China, which was hit by aggressive levies of 145%.

Read more CNBC tech news

Etsy CFO Lanny Baker said Wednesday that the company is “staying nimble in the face of uncertainty” around the tariff announcements and “the fluid state of consumer confidence in our core markets.”

The company said it also established a “small operational task force” to address the tariffs, which has provided buyers and sellers with guidance on shipping timelines, along with other information. Earlier this month, Etsy began highlighting products from domestic sellers on its site as a way for shoppers to circumvent the extra costs associated with Trump’s tariffs.

Gross merchandise sales, a key metric that measures the total volume of goods sold on the platform, was $2.79 billion, which was in line with consensus estimates according to FactSet.

This is breaking news. Please refresh for updates.

Continue Reading

Technology

Microsoft says it respects European laws as U.S. ramps up trade tensions with EU

Published

on

By

Microsoft says it respects European laws as U.S. ramps up trade tensions with EU

Microsoft President Brad Smith speaks during signing ceremony of cooperation agreement between the Polish Ministry of Defence and Microsoft, in Warsaw, Poland, February 17, 2025.

Kacper Pempel | Reuters

Microsoft President Brad Smith says the U.S. tech giant is committed to respecting European laws — even though it may not always agree with them.

“Like every citizen and company, we don’t always agree with every policy of every government. But even when we’ve lost cases in European courts, Microsoft has long respected and complied with European laws,” Smith said in a blog post Wednesday.

Smith’s comments are part of a charm offensive Microsoft is making in Europe this week, after tensions between the United States and European Union ratcheted up in recent weeks over U.S. President Donald Trump’s tariffs.

Trump’s trade war with U.S. trading partners — including the European Union, China and others — has raised fears that the EU could use its regulatory crackdown on America’s technology giants as a tool to counter trade restrictions.

The EU has for years been trying to tame U.S. Big Tech firms over competition issues. The bloc’s Digital Markets Act (DMA), which became enforceable last year, aims to tackle the market power of large so-called “gatekeeper” firms such as Google, Apple, Meta, Amazon and Microsoft.

Last week, the European Commission — the executive body of the EU — fined Apple 500 million euros ($568.5 million) and Meta 200 million euros ($227.4 million) for DMA breaches.

“We understand that European laws apply to our business practices in Europe, just as local laws apply to local practices in the United States and similar laws apply elsewhere in the world. This includes European competition law and the Digital Markets Act, among others,” Smith said Wednesday.

“We’re committed not only to building digital infrastructure for Europe, but to respecting the role that laws across Europe play in regulating our products and services.”

Trump has previously cited the EU’s regulatory actions against America’s tech giants as a reason to hit the bloc with tariffs. In February, he threatened the bloc with duties to tackle “overseas extortion” of U.S. tech firms through digital taxes and fines.

Continue Reading

Technology

Britain at risk of losing ground to rival fintech and crypto hubs, execs warn

Published

on

By

Britain at risk of losing ground to rival fintech and crypto hubs, execs warn

Workers cross a junction near the Bank of England (BOE) in the City of London, UK, on Tuesday, April 8, 2025. 

Bloomberg | Bloomberg | Getty Images

LONDON — Britain is at risk of losing budding fintech and cryptocurrency entrepreneurs to rival hubs if it doesn’t address pressing regulation and funding challenges, according to industry leaders.

Several crypto bosses told CNBC this week that the U.K. has created an unfavorable environment for fintech and crypto. They argued that the local regulator takes too strict an approach to registering new firms, and that pension funds managing trillions of pounds are too risk-averse

Whereas a decade ago the U.K. was seen as being at “the forefront in terms of promoting competitiveness and innovation,” today things “have shifted more towards prioritizing safety and soundness to an extent where growth has been held behind,” according to Jaidev Janardana, CEO of British digital bank Zopa.

“If I look at the speed of innovation, I do feel that the U.S. is ahead — although they have their own challenges. But look at Singapore, Hong Kong — again, you see much more rapid innovation,” Janardana told CNBC. “I think we are still ahead of the EU, but we can’t remain complacent with that.”

Zopa CEO: Fintechs face challenges when it comes to scaling in the UK

Tim Levene, CEO of venture capital firm Augmentum Fintech, said entrepreneurs face challenges attracting funding in the U.K. and could be tempted to start their founding journeys in other regions, like Asia and the Middle East.

“We’re scrambling around looking for pots of capital in the U.K., where currently it would be more fruitful to go to the Gulf, to go to the U.S., to go to Australia, or elsewhere in Asia, and that that doesn’t feel right,” Levene told CNBC.

Lisa Jacobs, CEO of business lending platform Funding Circle, said that the negative impacts of Brexit are still being felt by the U.K. fintech industry — particularly when it comes to attracting overseas talent.

“I think it is right that we’re paranoid about other locations,” she told CNBC. “It is right that we are trying to — as an industry, as government — make the U.K. still that great place to set up. We have all the ingredients there, because we’ve got the ecosystem, we do have this talent setting up new businesses. But it needs to continue. We can’t rest on our laurels.”

Crypto rules unclear

The U.K. is home to a vibrant financial technology sector, with firms like Monzo and Revolut among those scaling to become challengers to traditional banks.

Industry insiders attribute their rapid rise in part to innovation-friendly rules that allowed tech startups to apply for — and secure — licenses to offer banking and electronic money services with greater ease.

Businesses operating in the world of crypto are frustrated that the same hasn’t happened yet for their industry.

“Other jurisdictions have started to seize the opportunity,” Cassie Craddock, U.K. and Europe managing director at blockchain firm Ripple, told CNBC.

The U.S., for example, has adopted a more pro-crypto stance under President Donald Trump, with the Securities and Exchange Commission dropping several high-profile legal cases against major crypto businesses.

The EU, meanwhile, has led the way when it comes to laying out clear rules for the industry with its Markets in Crypto-Assets (MiCA) regulation.

“The U.S. is driving global tailwinds for the industry,” Craddock said, adding: “MiCA came into force in the EU at the end of last year, while Singapore, Hong Kong and the UAE are moving full steam ahead with pro-industry reforms,” she added.

The U.K. on Tuesday laid out draft proposals for regulating crypto firms — however, industry insiders say the devil will be in the detail when it comes to addressing more complex technical issues, such as reserve requirements for stablecoins.

Rules on stablecoins unclear

Coinbase UK boss: Crypto industry needs 'smart' regulation

Another issue faced by crypto companies is that of being “debanked” by high street banks, according to Keith Grose, head of U.K. at Coinbase.

“Debanking is a huge issue — you can’t get bank accounts if you’re a company or individual who works in crypto,” Keith Grose, Coinbase’s U.K. head, told CNBC. “You can’t build the future of the financial system here if we don’t have that level playing field.”

A survey by Startup Coalition, Global Digital Finance and the U.K. Cryptoasset Business Council of more than 80 crypto firms published in January found that half were denied bank accounts or had existing ones closed by major banks.

“I think the U.K. will get it right — but there is a risk if you get it wrong that you drive innovation to other markets,” Coinbase’s Grose told CNBC.

“This is such a fast developing space — stablecoins grew 300% last year. They’re already doing more volume than Visa and Mastercard,” he added. “I think if you deliver smart regulation here, stablecoins can be a foundational part of our payment ecosystem in the U.K. going forward.”

Continue Reading

Trending