15 Percent of 23andMe Customers Request Genetic Data Deletion Amid Bankruptcy

In the wake of its bankruptcy filing in March, 23andMe has faced a significant backlash from its customers regarding the privacy of their genetic data. Joseph Selsavage, the company’s interim CEO, revealed that approximately 1.9 million users—representing about 15% of the total customer base—have requested the deletion of their genetic information from the company’s servers.

This surge in deletion requests coincides with heightened concerns over the fate of sensitive genetic data following 23andMe’s bankruptcy auction. Pharmaceutical giant Regeneron won the court-approved bid in May, acquiring 23andMe and its extensive DNA database for $256 million. Regeneron plans to leverage this data to accelerate drug discovery, pledging to uphold the company’s existing privacy standards.

However, the sale has ignited legal challenges from over two dozen states including Florida, New York, and Pennsylvania. These states argue that 23andMe cannot legally sell the genetic data of its 15 million customers without obtaining explicit consent, raising critical questions about data ownership and privacy rights.

Adding to the company’s woes, 23andMe experienced a major data breach last year that exposed the sensitive personal and genetic information of 6.9 million customers. The company controversially attributed the breach to customers’ failure to use multi-factor authentication rather than acknowledging its own security shortcomings or delayed breach detection.

This series of events underscores the complex challenges at the intersection of biotechnology, data privacy, and cybersecurity. Customers’ genetic data is not just another dataset—it’s deeply personal and uniquely identifiable, demanding rigorous protection and transparent governance.

Why Genetic Data Privacy Matters More Than Ever

Genetic data contains information that can reveal predispositions to diseases, ancestral origins, and other sensitive traits. Unlike passwords or credit card numbers, genetic data cannot be changed if compromised. This permanence heightens the stakes for companies handling such data, especially when ownership and consent become murky during corporate transitions like bankruptcies and acquisitions.

The 23andMe case highlights how customers are increasingly aware and protective of their genetic privacy. The fact that nearly one in six customers requested data deletion after bankruptcy news broke is a clear signal that trust is fragile and must be earned through transparent policies and robust security measures.

Legal and Ethical Implications for Biotech Companies

The lawsuit filed by multiple states challenges the legality of selling genetic data without explicit user consent. This raises broader questions about how biotech companies must navigate privacy laws, consumer rights, and ethical responsibilities. It also signals potential regulatory shifts that could reshape data handling practices industry-wide.

For companies like 23andMe and Regeneron, balancing innovation in drug discovery with stringent privacy protections is a delicate act. Transparency with customers about data use, clear opt-in mechanisms, and proactive cybersecurity defenses are no longer optional—they are essential to maintaining public trust and compliance.

Protecting Genetic Data in an Era of Corporate Change

Bankruptcy and acquisitions can create vulnerabilities in data security as ownership changes hands. Customers may feel their data is at risk of misuse or unauthorized sale. This scenario underscores the importance of robust data governance frameworks that survive corporate upheavals and prioritize user consent and data protection.

For consumers concerned about their genetic privacy, deleting data from platforms like 23andMe is a critical step. TechCrunch offers guidance on how users can protect themselves by removing their genetic information from the company’s servers.

Ultimately, the 23andMe case is a cautionary tale for the biotech industry. It highlights the urgent need for transparent data practices, rigorous cybersecurity, and respect for consumer rights in handling the most personal form of data—our DNA.