Congress Raises Concerns About 23andMe’s Bankruptcy and Customer Data Protection
The Uncertainty Surrounding 23andMe’s Bankruptcy
23andMe, the popular genetic testing company, has recently filed for Chapter 11 bankruptcy, sparking concerns regarding the future of customer data. The company’s filing, coupled with a history of data privacy issues, has raised significant questions about how customer information will be handled if the company is sold or restructured.
In response to these concerns, leaders from the House Committee on Energy and Commerce have launched an investigation into how the genetic testing company plans to manage sensitive customer data amidst the bankruptcy proceedings. This article delves into the ongoing concerns surrounding data security, privacy, and the potential implications for 23andMe’s customers.
What Led to 23andMe’s Bankruptcy?
In March 2025, 23andMe filed for Chapter 11 bankruptcy. The company, which has revolutionized the way consumers access their genetic information, faced numerous challenges, including financial struggles and a series of data security issues. Notably, 23andMe recently settled a data breach lawsuit for $30 million, further underscoring the company’s difficulties in maintaining robust data protection practices.
The bankruptcy filing marked a significant shift for the company, with co-founder and CEO Anne Wojcicki stepping down to become a private bidder for the company. While this could offer a potential pathway for 23andMe’s recovery, it has left many customers worried about the fate of their sensitive genetic data.
Congress Investigates Customer Data Concerns
Following the bankruptcy filing, members of the House Committee on Energy and Commerce, including Representatives Brett Guthrie, Gus Bilirakis, and Gary Palmer, have expressed concerns about the future of 23andMe’s customer data. The committee sent a letter to 23andMe’s interim CEO Joe Selsavage, seeking clarification on several key issues related to data security.
Key Questions Raised by Congress:
The main questions raised by the committee center around what will happen to customers’ genetic data if the company is sold, and how 23andMe plans to ensure that sensitive information is protected during the bankruptcy proceedings. There are concerns about the company’s ability to securely handle data in the absence of HIPAA protections.
Unlike medical institutions, 23andMe is not subject to the Health Insurance Portability and Accountability Act (HIPAA), which means that the company’s customers do not enjoy the same legal safeguards regarding their data. This raises the question: How secure is the genetic information that 23andMe collects, and what will happen to it in the event of a sale?
The Risk of Data Exposure: What Happens If 23andMe Is Sold?
The committee’s letter highlights the risk that customer data could be compromised if the company is sold to a new owner. Without clear regulations or safeguards in place, there are concerns that sensitive information could be mishandled or used in ways that violate user privacy.
What Are the Risks?
One of the most pressing issues is the uncertainty surrounding what happens to customer data during bankruptcy or a sale. 23andMe holds a trove of personal and sensitive information, including genetic details, health-related data, and family connections. The lack of clear privacy laws governing the genetic data space further exacerbates the situation, making it difficult for customers to trust that their information will be adequately protected.
Additionally, reports have surfaced that some customers have faced difficulties deleting their data from 23andMe’s platform. This raises further concerns about the company’s ability to respect users’ data privacy requests.
The Patchwork of State Laws and Genetic Privacy Concerns
Genetic data privacy remains a largely unregulated area, with various states having their own laws in place. However, this patchwork of regulations is insufficient to protect consumers’ sensitive genetic information on a national scale. The lack of a federal standard governing genetic data means that consumers are left vulnerable to potential misuse or breaches.
The recent bankruptcy and ongoing sale talks make this situation even more complex. Without comprehensive privacy protection, customers may have little recourse if their genetic data is mishandled or used for purposes they did not consent to.
The Fallout from 23andMe’s Data Breach Lawsuit
In addition to the bankruptcy proceedings, 23andMe’s recent settlement of a data breach lawsuit for $30 million has raised further alarms about the company’s data security practices. The lawsuit stemmed from a 2021 data breach, during which hackers gained access to customer data, including genetic information.
What Does This Mean for Customers?
While the company has worked to improve its data security measures since the breach, the lawsuit highlights the ongoing risks faced by consumers. The settlement does little to reassure customers, especially as the company’s financial troubles and bankruptcy raise concerns about its ability to continue providing robust data protection.
Conclusion: What’s Next for 23andMe and Customer Data Privacy?
The bankruptcy of 23andMe, combined with the ongoing investigation by Congress, underscores the growing need for stronger regulations surrounding genetic data privacy. As the company navigates its financial troubles and potential sale, customers must remain vigilant about the security of their personal information.
While 23andMe has made efforts to improve its data security, the lack of clear protections, combined with the uncertainty surrounding its future, leaves many questions unanswered. The ongoing investigation by Congress is a step toward addressing these concerns, but it remains to be seen how 23andMe will handle customer data in the future.
For now, the best advice for customers is to stay informed, review their data privacy options, and consider deleting sensitive information from the platform if they feel uncomfortable with the company’s current practices.
Further reading:
- House Committee’s Letter to 23andMe
- 23andMe Settles Data Breach Lawsuit for $30 Million
- Image Credits: Unsplash
