23andMe bankruptcy: With America’s DNA put on sale, market panic gets a new form of testing
Signage at 23andMe headquarters in Sunnyvale, California, U.S., on Wednesday, Jan. 27, 2021.
David Paul Morris | Bloomberg | Getty Images
DNA testing has become a valuable tool for hobbyists and novice genealogists. For some, learning they are the 10th cousin of Paul Revere or the 15th great nephew four times removed of the last King of Prussia is worth the perceived risk of sharing a DNA sample. But what happens when the company harvesting the DNA goes bankrupt?
That was the question posed to millions of Americans last week when 23andMe, the company that popularized consumer genetic testing and had early backing from Google, filed for bankruptcy, leading to a wave of calls for Americans to delete their DNA from the company’s database.
While it’s not 100 percent clear if the “delete your DNA” calls were warranted, privacy experts are alarmed, and Americans who had taken the genetic test took the advice to heart.
According to data from online traffic analysis company Similarweb, on March 24, the day of the bankruptcy announcement, 23andMe received 1.5 million visits to its website, a 526% increase from one day prior. According to Similarweb, 376,000 visits were made to help pages specifically related to deleting data, and 30,000 were made to the customer care page for account closure. The next day, that figure rose to 1.7 million visits, and rraffic to the delete data help page about 480,000.
Margaret Hu, professor of law and director of the Digital Democracy Lab at William & Mary Law School, thinks Americans made the right move. “This development is a disaster for data privacy,” said Hu. In her view, the 23andMe bankruptcy should serve as a warning as to why the federal government needs strong data protection laws.
In some states, Hu noted, the government is taking an active role in counseling consumers. The California Attorney General’s Office is urging Californians to delete their data and have 23andMe destroy saliva samples. But Hu says that is not enough, and such guidance should be provided to all U.S. citizens.
The potential national security implications of 23andMe’s data falling into the wrong hands are not new. In fact, the Pentagon had previously warned military personnel that these DNA kits could pose a risk to national security.
Exposing DNA collected from consumers is not a new issue for 23andMe, either. In 2023, almost 7 million people who took the genetic test were already exposed in a major 23andMe data breach. The company signed an agreement that involved a $30 million settlement and a promise of three years’ worth of security monitoring.
But Hu says the bankruptcy does make the company, and its data, especially vulnerable now.
Drug research and genetic testing data
One of the things notable about the consumer mindset in the early years of the popularization of genetic testing was that a majority of users opted into sharing their DNA for research purposes, as much as 80% in the years when 23andMe was growing rapidly. Then, as the market for consumer sale of the popular DNA test kits reached saturation sooner than many expected, 23andMe focused more on research and development partnerships with drug companies as a way to diversify its revenue.
Currently, when 23andMe sells genetic data to other research companies, most is used at an aggregate level, as part of millions of data points being analyzed as a whole. The company also strips out identifying data from the genetic data, and no registration information (like a name or email) is included. Data researchers do need, such as date of birth, is stored separately from genetic data, and shared with randomly assigned IDs.
Hu is among the experts concerned these practices could change under 23andMe or any new buyer. “In a time of financial vulnerability, companies such as pharmaceutical companies might see an opportunity to exploit the research benefits of the genetic data,” Hu said, adding that they might try to renegotiate prior contracts to extract more data from the company. “Will the next company that buys 23andMe do that?,” Hu said of its privacy policies.
In recent days, 23andMe has said it will try to find a buyer who shares its privacy values.
23andMe did not respond to a request for comment.
Anne Wojcicki, 23andMe Co-Founder & CEO pushes the button, remotely ringing the NASDAQ opening bell at the headquarters of DNA tech company 23andMe in Sunnyvale, California, U.S., June 17, 2021.
Peter DaSilva | Reuters
Over the years since 23andMe’s founding in 2006, many customers were willing to send in a swab to learn more about their family history. Lansing, Michigan resident Elaine Brockhaus, 70, and her family were excited to learn more about their lineage when they submitted samples of their DNA to 23andMe. But with the company now teetering in bankruptcy and privacy experts concerned about what happens to the millions of people with DNA samples stored, Brockhaus says the whole thing has “caused a bit of a ruckus in my family.”
“We enjoyed some aspects of 23&Me,” Brockhaus said. “They continually refined and updated our heritage as more people joined, and they were better able to pinpoint genetically related groups,” Brockhaus said. She was able to learn more about health risk factors that were present or not present in her past.
Now, her family has come full circle in the 23andMe experience: some members were initially reluctant to go along, and now, Brockhaus says, everyone has deleted their accounts.
A unique company collapse, but everyday cyber risks
But Brockhaus continues to view 23andMe within a larger consumer health market where the risks are not new, and health information is being shared in all sorts of environments where security issues could arise. “Anyone sending ColoGuard or receiving medical results through the mail is taking a risk of exposure,” Brockhaus said. “Our very identities can be stolen with a few keystrokes. Of course, this does not mean that we should throw up our hands and agree to be victims, but unless we want to dig holes out back and live in them we have to be vigilant, proactive, but not panicked,” she added.
Jon Clay, vice president of threat intelligence at cybersecurity firm Trend Micro, says consumers of 23andMe do need to view the bankruptcy as a threat. In any sale process, if the data is not transferred and guarded in the most secure manner possible, “it is at risk of being used by malicious actors for a number of nefarious purposes,” he said.
Clay thinks 23andMe’s data is incredibly valuable to cybercriminals — not just because it’s permanent and personally identifiable, but also because it can be exploited for identity theft, blackmail, or even medical fraud.
“Cybercriminals can use it to target consumers with convincing scams and social engineering tactics, such as fraudulently claiming someone is a blood relative to another person or to send deceptive messages about their potential health risks,” Clay said. “Organizations who go bankrupt should ensure the security and privacy of their customer’s data is critical, and any sharing or selling of data to others should not be done,” he added.
But other experts say the lesson of 23andMe is less about the company’s collapse and the threat to privacy that created than serving as a reminder about the everyday cyber hazards related to personal information.
“When people start talking about personal data, they forget where their data is already sitting,” says Rob Lee, chief of research and head of faculty at SANS Institute, which specializes in helping businesses with information security and cyber issues. Whether it’s sending a blood sample into a private lab or getting rid of a laptop to upgrade to a new one, “your digital footprints are being left out there for people to find,” Lee said. “People don’t understand the scope, so there is a larger discussion out there, specifically around where does data go?”
With DNA information, there are certain basic legal factors people should weigh before swabbing themselves and sending the sample in.
According to Lynn Sessions, an expert on healthcare privacy and digital assets and partner at the law firm BakerHostetler, the federal law that covers patient information privacy, HIPAA, does not apply to this situation, and 23andMe would not be considered a HIPAA-covered entity, or business associate of one. But there are state laws that apply to genetic information that would be in play, such as in California.
Meredith Schnur, a managing director and cybersecurity leader at insurance company Marsh, thinks the risk from 23andMe’s bankruptcy for people who sent in their swabs is relatively low. “It doesn’t cause any additional consternation or heartburn,” Schnur said. “I just don’t think it opens up any additional risk that doesn’t already exist,” she said, adding that many people’s information is “already out there.”
Last week, a 23andMe co-founder, Linda Avey, blasted the company’s leadership. “Without continued consumer-focused product development, and without governance, 23andMe lost its way, and society missed a key opportunity in furthering the idea of personalized health,” Avey wrote in a social media post. “There are many cautionary tales buried in the 23andMe story,” Avey said.
The bankruptcy itself is the issue that is now hard for consumers to ignore, and until the sale process is completed, the questions will remain.
“When you’re in bankruptcy, data privacy values are not what you’re really thinking about. You’re thinking about selling your company to the highest bidder,” Hu said. That highest bidder, Hu says might take the genetic data and consumer profile data and link them together when selling it to others.
And that initial sale which includes the DNA of millions of people may only be the first of many transactions.
“It might sell it off, piece by piece, indiscriminately. And the buyer of that data might be a foreign adversary,” Hu said. “That is why this is not just a data privacy disaster. It’s also a national security disaster.”
Jensen Huang, co-founder and CEO of Nvidia Corp., speaks during a news conference in Taipei on May 21, 2025.
I-hwa Cheng | Afp | Getty Images
Replacing Nvidia is a tall order. While Chinese competitors are years behind the company’s cutting-edge technology, many analysts and insiders warn they are catching up, thanks to U.S. export restrictions.
U.S. chip restrictions on the sale of advanced semiconductor technology, especially those used in artificial intelligence, have been rolled out over several years, with the initial aim of curbing China’s military advancement and protecting US dominance in the AI industry.
However, according to Nvidia CEO Jensen Huang, U.S. semiconductor export controls on China have been “a failure,” causing more harm to American businesses than to China.
While the goals of cutting back the Chinese military’s access to advanced U.S. technology and maintaining U.S. leadership in AI appear to have had some success on paper, loopholes and existing semiconductor stockpiles in China have complicated these aims, said Ray Wang, an independent tech and chip analyst with a focus on U.S.-China competition.
“That’s partly why we are seeing a closing of the gap between Chinese and U.S. AI capabilities,” added Wang.
A self-inflicted wound?
Leaders of Nvidia and other American chip designers have long lobbied against chip controls as they worry about losing lucrative business deals. Huang said at the annual Computex technology trade show in Taipei that Nvidia’s GPU market share in China fell to 50% from 95% over the past four years.
Indeed, chip experts say that the curbs create more harm than good for the U.S.
“The effects of the controls are twofold. They have the impact of reducing the ability of U.S. companies to access the China market and, in turn, have accelerated the efforts of the domestic industry to pursue greater innovation,” said Paul Triolo, Partner and Senior VP for China at DGA Group.
“You create competitors to your leading companies at the same time you’re cutting them off from a massive market in China,” he added.
While Washington’s most comprehensive export controls were passed during former U.S. President Joe Biden’s term in the White House, curbs on Huawei and SMIC, China’s largest chipmaker, go back to Donald Trump’s first term in office.
On April 15, Nvidia disclosed that new controls, which restricted sales of its H20 graphics processing units to China, had led to a $5.5 billion charge against its revenue.
Counter-intuitive curbs
The restrictions are expected to be a boon for the demand and development of local Nvidia alternatives like Huawei, which is working on its own AI chips. They also come against the background of Beijing mobilizing billions as part of its chip self-sufficiency campaign.
“The bottom line is, the controls have incentivized China to become self-sufficient across these supply chains in a way they never would have contemplated before,” Triolo said.
Chinese AI-related achievements, such as DeepSeek’s R1 model and news of Huawei chip progress, have led observers to question the effectiveness of chip controls.
According Wang, the independent analyst, China’s semiconductor and AI space has seen an acceleration of startups, market opportunities, and AI talent alongside the restrictions, which has clearly resulted in domestic innovations.
“I think the arguments that export controls accelerate innovation is quite valid,” Wang said.
Nivida’s Haung also noted these trends in April, telling lawmakers in Washington that the country has made enormous progress in the last several years and is right behind the U.S.
Moving goal posts?
Nvidia’s H20 chip was designed specifically to comply with existing chip controls prior to the clampdown on exports.
“We are not just talking about one export control, we are talking about a series of export controls that originate from all the way back in 2019,” said Wang, noting that the evolving policies have had a couple of different objectives.
Meanwhile, in what DGA’s Paul Trilio calls a “moving of the goalposts,” it seems that the aims of the restrictions have shifted to an intention to slow down and contain Chinese AI and semiconductor developments.
“The continued expansion of the controls, and the lack of an articulation of what the clear end game here is, has really created a lot of issues, and created a lot of collateral damage,” Trilio said, adding that it has led more people to question the policy.
In a statement earlier this month, the Information Technology & Innovation Foundation, a U.S. think tank which has received funding from various technology companies, said in a post that “the Biden administration’s export control policy for AI chips has largely been a failure since day one. Yet, year after year, it has doubled down, attempting to plug various loopholes.”
“While [the U.S. government] is certainly right to prevent U.S. companies from selling advanced AI technology to the Chinese military, cutting U.S. companies off from the entire commercial Chinese market is a cure worse than the disease,” Stephen Ezell of ITIF told CNBC in an email.
“U.S. export controls have cost NVIDIA at least $15 billion in sales, and those are revenues the company needs to be able to earn to invest in future generations of innovation.”
The artificial intelligence boom has sent energy demand soaring. Some of the supercomputers sucking up all that power are helping to find new energy sources.
Fusion energy is the process of forcing two hydrogen atoms to combine and form one helium atom, which releases huge amounts of power. It uses a stellarator, a type of fusion reactor invented in the 1950’s that produces heat.
Until now, the technology was too difficult to deploy commercially.
But this old concept has brand new potential. Type One Energy, a startup based in Tennessee, claims to have proven that fusion energy will be able to produce electricity in the next decade.
“It’s going to create heat that’s going to boil water, make steam, run a turbine and put fusion electrons on the power grid on a 24/7 reliable basis,” said Type One Christofer Mowry.
AI has made it all practical.
“Things have really accelerated remarkably over the last five or six years,” Mowry said. “The supercomputers have allowed industry, academia and large institutions to develop now and actually test at large scale the science machines that demonstrate the process.”
Dozens of other companies are working on different approaches to fusion energy, but Mowry said Type One is so far the only one with the proven stellarator technology to implement at existing power plants. It will soon be tested with the Tennessee Valley Authority.
TDK Ventures is betting that Mowry is right.
“With Type One Energy solutions, we expect outsized return potential,” said Nicola Sauvage, president of TDK Ventures. “Fusion is no longer science fiction, and Type One Energy’s technology is catching up fast to the vision of this low-cost, continuous green energy.”
Type One is also backed by Breakthrough Energy Ventures, Centaurus Capital, GD1, Foxglove Capital, and SeaX Ventures, and has raised a total of $82.4 million.
Fusion energy is different from nuclear power, and there’s no risk of a nuclear accident. The power source has no long-term radioactive waste, and, according to Mowry, can’t be weaponized.
But for handling AI, it could be a critical solution. Fusion energy can be deployed anywhere, whether it’s next to a data center or near a large industrial park that needs clean, reliable energy.
-
Sports3 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports1 year agoStory injured on diving stop, exits Red Sox game
-
Sports2 years agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike
-
Business3 years agoBank of England’s extraordinary response to government policy is almost unthinkable | Ed Conway