Connect with us

Published

on

Signage at 23andMe headquarters in Sunnyvale, California, U.S., on Wednesday, Jan. 27, 2021.

David Paul Morris | Bloomberg | Getty Images

DNA testing has become a valuable tool for hobbyists and novice genealogists. For some, learning they are the 10th cousin of Paul Revere or the 15th great nephew four times removed of the last King of Prussia is worth the perceived risk of sharing a DNA sample. But what happens when the company harvesting the DNA goes bankrupt? 

That was the question posed to millions of Americans last week when 23andMe, the company that popularized consumer genetic testing and had early backing from Google, filed for bankruptcy, leading to a wave of calls for Americans to delete their DNA from the company’s database.

While it’s not 100 percent clear if the “delete your DNA” calls were warranted, privacy experts are alarmed, and Americans who had taken the genetic test took the advice to heart.

According to data from online traffic analysis company Similarweb, on March 24, the day of the bankruptcy announcement, 23andMe received 1.5 million visits to its website, a 526% increase from one day prior. According to Similarweb, 376,000 visits were made to help pages specifically related to deleting data, and 30,000 were made to the customer care page for account closure. The next day, that figure rose to 1.7 million visits, and rraffic to the delete data help page about 480,000.

Margaret Hu, professor of law and director of the Digital Democracy Lab at William & Mary Law School, thinks Americans made the right move. “This development is a disaster for data privacy,” said Hu. In her view, the 23andMe bankruptcy should serve as a warning as to why the federal government needs strong data protection laws.

In some states, Hu noted, the government is taking an active role in counseling consumers. The California Attorney General’s Office is urging Californians to delete their data and have 23andMe destroy saliva samples. But Hu says that is not enough, and such guidance should be provided to all U.S. citizens.

The potential national security implications of 23andMe’s data falling into the wrong hands are not new. In fact, the Pentagon had previously warned military personnel that these DNA kits could pose a risk to national security.

Exposing DNA collected from consumers is not a new issue for 23andMe, either. In 2023, almost 7 million people who took the genetic test were already exposed in a major 23andMe data breach. The company signed an agreement that involved a $30 million settlement and a promise of three years’ worth of security monitoring.

But Hu says the bankruptcy does make the company, and its data, especially vulnerable now.

Drug research and genetic testing data

One of the things notable about the consumer mindset in the early years of the popularization of genetic testing was that a majority of users opted into sharing their DNA for research purposes, as much as 80% in the years when 23andMe was growing rapidly. Then, as the market for consumer sale of the popular DNA test kits reached saturation sooner than many expected, 23andMe focused more on research and development partnerships with drug companies as a way to diversify its revenue.

Currently, when 23andMe sells genetic data to other research companies, most is used at an aggregate level, as part of millions of data points being analyzed as a whole. The company also strips out identifying data from the genetic data, and no registration information (like a name or email) is included. Data researchers do need, such as date of birth, is stored separately from genetic data, and shared with randomly assigned IDs.

Hu is among the experts concerned these practices could change under 23andMe or any new buyer. “In a time of financial vulnerability, companies such as pharmaceutical companies might see an opportunity to exploit the research benefits of the genetic data,” Hu said, adding that they might try to renegotiate prior contracts to extract more data from the company. “Will the next company that buys 23andMe do that?,” Hu said of its privacy policies.

In recent days, 23andMe has said it will try to find a buyer who shares its privacy values.

23andMe did not respond to a request for comment.

Anne Wojcicki, 23andMe Co-Founder & CEO pushes the button, remotely ringing the NASDAQ opening bell at the headquarters of DNA tech company 23andMe in Sunnyvale, California, U.S., June 17, 2021.

Peter DaSilva | Reuters

Over the years since 23andMe’s founding in 2006, many customers were willing to send in a swab to learn more about their family history. Lansing, Michigan resident Elaine Brockhaus, 70, and her family were excited to learn more about their lineage when they submitted samples of their DNA to 23andMe. But with the company now teetering in bankruptcy and privacy experts concerned about what happens to the millions of people with DNA samples stored, Brockhaus says the whole thing has “caused a bit of a ruckus in my family.”  

“We enjoyed some aspects of 23&Me,” Brockhaus said. “They continually refined and updated our heritage as more people joined, and they were better able to pinpoint genetically related groups,” Brockhaus said. She was able to learn more about health risk factors that were present or not present in her past.

Now, her family has come full circle in the 23andMe experience: some members were initially reluctant to go along, and now, Brockhaus says, everyone has deleted their accounts.

A unique company collapse, but everyday cyber risks

But Brockhaus continues to view 23andMe within a larger consumer health market where the risks are not new, and health information is being shared in all sorts of environments where security issues could arise. “Anyone sending ColoGuard or receiving medical results through the mail is taking a risk of exposure,” Brockhaus said. “Our very identities can be stolen with a few keystrokes. Of course, this does not mean that we should throw up our hands and agree to be victims, but unless we want to dig holes out back and live in them we have to be vigilant, proactive, but not panicked,” she added.

Jon Clay, vice president of threat intelligence at cybersecurity firm Trend Micro, says consumers of 23andMe do need to view the bankruptcy as a threat. In any sale process, if the data is not transferred and guarded in the most secure manner possible, “it is at risk of being used by malicious actors for a number of nefarious purposes,” he said.

Clay thinks 23andMe’s data is incredibly valuable to cybercriminals — not just because it’s permanent and personally identifiable, but also because it can be exploited for identity theft, blackmail, or even medical fraud.

“Cybercriminals can use it to target consumers with convincing scams and social engineering tactics, such as fraudulently claiming someone is a blood relative to another person or to send deceptive messages about their potential health risks,” Clay said. “Organizations who go bankrupt should ensure the security and privacy of their customer’s data is critical, and any sharing or selling of data to others should not be done,” he added.

But other experts say the lesson of 23andMe is less about the company’s collapse and the threat to privacy that created than serving as a reminder about the everyday cyber hazards related to personal information.

“When people start talking about personal data, they forget where their data is already sitting,” says Rob Lee, chief of research and head of faculty at SANS Institute, which specializes in helping businesses with information security and cyber issues. Whether it’s sending a blood sample into a private lab or getting rid of a laptop to upgrade to a new one, “your digital footprints are being left out there for people to find,” Lee said. “People don’t understand the scope, so there is a larger discussion out there, specifically around where does data go?”

With DNA information, there are certain basic legal factors people should weigh before swabbing themselves and sending the sample in.

According to Lynn Sessions, an expert on healthcare privacy and digital assets and partner at the law firm BakerHostetler, the federal law that covers patient information privacy, HIPAA, does not apply to this situation, and 23andMe would not be considered a HIPAA-covered entity, or business associate of one. But there are state laws that apply to genetic information that would be in play, such as in California.

Meredith Schnur, a managing director and cybersecurity leader at insurance company Marsh, thinks the risk from 23andMe’s bankruptcy for people who sent in their swabs is relatively low. “It doesn’t cause any additional consternation or heartburn,” Schnur said. “I just don’t think it opens up any additional risk that doesn’t already exist,” she said, adding that many people’s information is “already out there.”

Last week, a 23andMe co-founder, Linda Avey, blasted the company’s leadership. “Without continued consumer-focused product development, and without governance, 23andMe lost its way, and society missed a key opportunity in furthering the idea of personalized health,” Avey wrote in a social media post. “There are many cautionary tales buried in the 23andMe story,” Avey said.

The bankruptcy itself is the issue that is now hard for consumers to ignore, and until the sale process is completed, the questions will remain.

“When you’re in bankruptcy, data privacy values are not what you’re really thinking about. You’re thinking about selling your company to the highest bidder,” Hu said. That highest bidder, Hu says might take the genetic data and consumer profile data and link them together when selling it to others.

And that initial sale which includes the DNA of millions of people may only be the first of many transactions.

“It might sell it off, piece by piece, indiscriminately. And the buyer of that data might be a foreign adversary,” Hu said. “That is why this is not just a data privacy disaster. It’s also a national security disaster.”

We don't know who could buy 23andMe data and how it could be used against us, says Theresa Payton

Continue Reading

Technology

TikTok creators, partners remain optimistic ahead of app’s second ban deadline

Published

on

By

TikTok creators, partners remain optimistic ahead of app’s second ban deadline

Photo illustration shows the TikTok logo displayed on a mobile phone screen.

Sopa Images | Lightrocket | Getty Images

For the second time this year, TikTok is staring at a deadline that could determine its fate in the U.S. and that of numerous creators and brands that have built businesses on the Chinese-owned social app.

The sense of urgency that led some creators to post wistful goodbye videos in January has shifted to a more cautiously optimistic outlook, with creators and firms saying they believe TikTok will remain in the U.S. They are, however, hedging their bets. 

“I’m trying to be optimistic and hope that they keep it, but as a creator, I have to be prepared either way,” said Gianna Christine, a creator with 2.7 million TikTok followers. 

TikTok could be effectively banned in the U.S. on April 5 because of a national security law originally signed by former President Joe Biden that requires its Chinese parent ByteDance to divest the app’s American operations. ByteDance originally faced a Jan. 19 deadline to sell TikTok, but Trump signed an executive order instructing the attorney general to not enforce the law, granting the Chinese company 75 more days to divest the U.S. portion of its business.

Gianna Christine makes lifestyle videos about living in New York City to her nearly 3 million followers on TikTok.

Gianna Christine

Like others who spoke with CNBC, Christine said she hasn’t received any direct updates from TikTok about its future. Christine said she’s staying positive about TikTok’s chances of remaining in the U.S. but she’s also expanding her presence on platforms like Snapchat and YouTube as a precaution.

“You never know what will happen,” Christine said.

Throughout his 2024 presidential campaign, Trump said many positive comments about TikTok and used the app as a campaign tool. Trump said Sunday that he is “pretty certain” that a TikTok deal will be reached before the April deadline, according to AFP. Last week, Trump said he may extend the deadline if a deal isn’t reached and that he may reduce tariffs on China to help facilitate a transaction.

“I really don’t see TikTok getting banned,” said Olivia Plotnick, the founder of the Wai Social marketing and consultancy agency. “Trump really is going to want to show how amazing he is, and make a deal happen.”

TikTok and the White House did not respond to requests for comment.

Whatever is in store for TikTok, the company is acting like business as usual.

Current and former TikTok workers said they have received no communication from management about its future in the U.S. Brands and creators said they have received no updates from the company either.

That lack of communication and the uncertainty of the app’s future hasn’t stopped TikTok from moving forward with new partnerships. 

Marketing firm Meltwater, for example, announced that it joined TikTok’s marketing partners program in March. Aditya Jami, Meltwater’s tech chief, said that his TikTok contacts seemed to be “in the dark” about the app’s future, but they went ahead with the partnership, which will require deep integration between the two companies.

 “They are actually going to do more and more things that we can build together and then expose to our customers, so I feel like it’s going business as usual,” Jami said.

TikTok creator Alyssa McKay has more than 10 million followers, but she’s been proactive about diversifying her following across more platforms.

“If you’re not already posting on Snapchat, Instagram Reels, YouTube Shorts, that’s where you need to be,” said McKay, adding that her efforts to get ahead of a potential ban have resulted in her already earning more revenue from other platforms than she does on TikTok.

Alyssa McKay is a content creator with over 10 million followers on TikTok.

Alyssa McKay

The first TikTok ban deadline didn’t significantly alter the social media postings from creators and brands, according to data provided to CNBC by Later, a social media and influencer marketing firm.

Social media users increased their posts on Threads and YouTube by 10% and 6%, respectively, the week of the TikTok ban in January compared to the week prior, according to Later. Still, the general posting habits of brands and creators during the week after the January deadline compared to the week preceding it were nearly identical, a spokesperson for Later said. 

Throughout March, creators and brands steadily reduced the number of scheduled TikTok posts they plan to publish during the weeks leading up to the April deadline while increasing their scheduled Instagram posts, Later data showed. The March data suggests creators and brands are “reallocating content to Instagram as a safer or more stable alternative,” the Later spokesperson said.

For a brief moment, the Chinese social media app RedNote rose to the top of Apple’s app store during the week leading to the January deadline. Known as Xiaohongshu in China, that app has similar short-video features as TikTok, but it has a user base comprised mostly of women from more affluent Chinese cities that embraced the sudden influx of American users, Plotnick of Wai Social said.

“They were super welcoming, and it was a really fun time,” Plotnick said.

RedNote’s moment in the sun won’t likely repeat. The app is no longer a priority now that TikTok has resumed normal operations, creators and brands said. 

“I don’t foresee buzz around alternative apps like RedNote,” Later CEO Scott Sutton said. “Those were a blip and lacked the staying power of other platforms.”

It’s unclear whether lawmakers who are concerned about the Chinese Communist Party  or TikTok-competitors like Meta or Google would take to the courts to enforce the national security law, said Neil Chilson, a former chief technologist at the Federal Trade Commission who now heads AI policy at Abundance Institute non-profit. Taking that kind of legal action carries the risk of upsetting TikTok’s giant user base and Trump, Chilson said.

“Trump likes this sort of leverage that the law provides him,” Chilson said. “He’s obviously using quite aggressively — not quite in the text of the law — his latitude to make deals to continue to string this along.”

WATCH: TikTok is a digital Trojan horse, says Hayman Capital’s Kyle Bass

TikTok is a digital Trojan horse, says Hayman Capital's Kyle Bass

Continue Reading

Technology

Amazon resumes drone deliveries after two-month pause

Published

on

By

Amazon resumes drone deliveries after two-month pause

Amazon has restarted drone deliveries in two states after a months-long pause, the company confirmed.

In January, Amazon halted Prime Air deliveries in College Station, Texas, and Tolleson, Arizona, the two U.S. markets where it’s testing the service, as the company rolled out a software update to its drone fleet.

Amazon discovered an abnormality with the drone’s altitude sensor, caused by dust in the air, that could have caused its system to produce an inaccurate reading of its position relative to the ground, the company said. Amazon “never experienced an actual safety issue,” but said it opted to suspend deliveries while it corrected the issue.

The company brought drone deliveries back online last week after it completed the software update and received approval from the Federal Aviation Administration, Amazon spokesperson Av Zammit said in a statement.

“Safety underscores everything we do at Prime Air, which is why we paused our operations to conduct a software update on the MK30 drone,” Zammit said. “The updates are now complete and were approved by the FAA, allowing us to resume deliveries.”

An FAA spokesperson didn’t immediately provide a comment.

Zammit said Prime Air has seen “unprecedented levels of demand” since it resumed service. David Carbon, an executive who oversees Amazon’s drone program, wrote in a LinkedIn post last week that the company dropped a bottle of ZzzQuil sleep medicine at an Arizona customer’s home in “31 minutes and 30 seconds.” Carbon didn’t say how far the drone had to fly and Zammit declined to provide details.

For over a decade, Amazon has been working to bring to life founder Jeff Bezos’ vision of drones whizzing toothpaste, books and batteries to customers’ doorsteps in 30 minutes or less. But progress has been slow, as Prime Air has only been made available in the U.S. in College Station and Tolleson. A test site in Lockeford, California, was shuttered last April. The program was also hit with layoffs in 2023 as Amazon CEO Andy Jassy cut costs across the company.

Amazon has set a goal to deliver 500 million packages by drone per year by the end of the decade. The company last year notched a critical regulatory milestone that could enable it to accelerate deliveries. It’s eyed international expansion to the U.K., and recently welcomed Transportation Secretary Sean Duffy in a visit to a Prime Air facility.

The company also introduced a new version of its delivery drone, called the MK30, which is designed to be quieter than previous models and can fly in light rain.

Customers in College Station, a quiet suburban town that’s about 100 miles northwest of Houston, had previously complained about the drones’ noise levels. After rolling out the MK30, the company is also taking steps to relocate its drone hub farther away from residents’ homes later this year.

Before Amazon suspended drone deliveries, the MK30 crashed in two separate incidents during test flights at the company’s facility in Pendleton, Oregon. Last December, a software issue caused two drones to crash, according to Bloomberg. And in September, a pilot mistakenly caused a “mid-air collision” between two drones after he tested how the MK30 would perform when faced with a failed propeller, according to a federal crash report.

Another crash occurred on Feb. 21 during tests at the Pendleton site, which resulted in a drone sustaining substantial damage, according to a report compiled by the National Transportation Safety Board.

Amazon said the crashes were unrelated to its decision to halt drone operations. The company has said these kinds of incidents, which have also occurred with other models in previous years, are part of the testing process, as it pushes drone systems “up to the limits and beyond.”

WATCH: Amazon, Alphabet’s Wing and Zipline race to roll out drone delivery

Amazon drones make 100th delivery, lagging far behind Alphabet's Wing and Walmart partner Zipline

Continue Reading

Technology

Trump’s tariffs could mean big business for supply chain software startup LightSource

Published

on

By

Trump's tariffs could mean big business for supply chain software startup LightSource

LightSource cofounders: CTO Idan Mintz and CEO Spencer Penn

Courtesy: LightSource

With President Donald Trump set to impose sweeping tariffs on a wide swath of U.S. trading partners this week, corporate America is awash in uncertainty.

LightSource, a San Francisco startup whose software helps companies manage their procurement process, costs and vendor relationships, didn’t know what the president’s tariffs plan would look like before raising its first funding round. But the timing didn’t hurt.

LightSource has just closed a $33 million financing, led by Bain Capital Ventures and Lightspeed Venture Partners, with participation from J2 Ventures.

“Tariffs and trade winds are shifting so fast, it’s enough to make your head spin,” said Ajay Agrawal, a partner at Bain and now a board member at LightSource. “For a company with hundreds or thousands of different parts and suppliers — even just understanding what the impact will be on their whole enterprise is unbelievable.”

President Trump’s plans to slap “reciprocal tariffs” on all countries with duties on U.S. goods is set to be announced on Wednesday. Concerns surrounding the impact of those moves pushed the Nasdaq down more than 10% in the first quarter, the index’s biggest drop for any period since 2022.

Trump has already said he would impose 25% tariffs on “all cars that are not made in the United States.” Autos is a market that co-founder and CEO Spencer Penn knows well.

LightSource was started in 2021 by Penn and CTO Idan Mintz, while the two were working in different parts of Alphabet. Penn was at robotaxi unit Waymo, and Mintz was in the Google X “moonshot factory.”

Prior to Waymo, Penn worked at Tesla when the electric vehicle maker was starting to mass produce its popular Model 3 sedans. He said that finance, sourcing and engineering professionals have to work together to find, or sometimes custom order, high-quality parts. They also have to maintain their best supplier relationships while evaluating new potential vendors and negotiating fair prices.

Often these teams rely on “hundreds of disparate processes and information that’s stuck in thousands of emails, spreadsheets and randomly formatted invoices and contracts,” Penn said.

LightSource, which has about 30 employees, connects a company’s procurement-related information sources and systems to streamline that complex work. The aim is to speed up a company’s procurement process, saving the business time, money and pain while working with suppliers.

Mintz describes LightSource’s offering as a kind of “operating system” for procurement. Penn says it has the potential to do for procurement what Salesforce did for customer relationships.

Whether it’s a global pandemic, a natural disaster cutting off a shipping route, or a major shift in tariffs and trade policy, Mintz said, any supply chain disruption can make a huge difference to a company’s profit margins and its ability to deliver a product on time.

Current customers include consumer packaged goods companies, aerospace ventures, e-commerce companies and automotive giants.

WATCH: Tariffs put Federal Reserve in tough spot

Tariffs put the Federal Reserve in a tough spot, says Moody's Mark Zandi

Continue Reading

Trending