The diagnostics firm 23andMe has filed for Chapter 11 bankruptcy protection in Missouri federal court. The DNA testing kit firm is seeking a buyer. This could be a struggle, given that the Silicon Valley genetics testing company has never made a profit. The company has plunged in value from a peak of $5.8 billion in February 2021 to a market capitalisation of less than $50 million for its Nasdaq-listed shares.
Following this news, chief executive Anne Wojcicki stepping down immediately. She will be replaced by the firm’s chief financial and accounting officer Joe Selsavage.
In a statement on X, Wojcicki announced her exit as CEO and wrote: “While I am disappointed that we have come to this conclusion and my bid was rejected, I am supportive of the company and I intend to be a bidder. I have resigned as CEO of the company so I can be in the best position to pursue the company as an independent bidder.”
The biotech company that helped usher in the era of consumer DNA test kits nearly two decades ago as recently grappled with a class action lawsuit. In addition, several users of the service have raised privacy concerns.
The firm has not only struggled in terms of economics, a significant security breach undermined public trust. In late 2024, nearly seven million people were affected by a security breach that shared sensitive DNA ancestry data with malicious actors.
As other companies navigate transitions like this, safeguarding sensitive genetic information and personal health data must remain a top priority.
In relation to the news, Digital Journal has heard from data privacy expert Dr. Darren Williams, Founder and CEO of BlackFog. This concerns what happens to all the DNA/PHI the company holds and the risks associated with it falling into the wrong hands.
Williams sets the scene: “The bankruptcy of 23andMe raises serious concerns about the fate of millions of users’ personal and genetic data. As a company holding sensitive health and genealogy information, 23andMe’s financial troubles increase the risk of this data falling into the wrong hands.”
In terms of privacy and user data, Williams considers: “The bankruptcy process itself opens the door to potential exposure, whether through data transfers or sales during liquidation. Personal health information (PHI), especially DNA data, is unique and permanent—making it a prime target for exploitation. If compromised or sold, this data could be used for identity theft or other malicious purposes, potentially for years.”
In terms of the more general issues of data control and data breaches, Williams draws out some general lessons for businesses: “With data exfiltration becoming a growing concern in cybersecurity—accounting for 94% of all ransomware attacks—even if organizations pay the ransom, there’s no guarantee that the stolen data will be deleted or kept private.”
As a specific concern, Williams observes: “Often, compromised data ends up on the dark web, where it can be exploited indefinitely. This serves as a critical reminder: companies must prioritize protecting sensitive data—especially during financial distress. Once data is exfiltrated, it’s too late to protect it. Strong data protection strategies and proactive security measures are essential to preventing the long-term exploitation of sensitive information.”
