As 23andMe Struggles, Concerns Surface About Its Genetic Data

A plummet in the company’s valuation and a recent board resignation have raised questions about the future of genetic data collected from millions of customers.

The genetic testing company 23andMe, once valued at $6 billion, is facing an uncertain future after a drop in share prices, a recent board resignation and a data breach last year that affected nearly seven million customers.

The turmoil has raised questions about what might happen to the genetic data of the company’s roughly 15 million customers.

Last month, the seven independent directors of the board sent an open letter to Anne Wojcicki, the chief executive and co-founder of 23andMe, notifying her of their resignation while citing frustration with the company’s direction.

“After months of work, we have yet to receive from you a fully financed, fully diligenced, actionable proposal that is in the best interests of the nonaffiliated shareholders,” the letter said.

Soon after, Ms. Wojcicki, who owns 49 percent of the voting stock, said in a federal filing that she was determined to take the company private.

The company has said that it is committed to customer privacy, but people who have submitted tests to discover ancestry lines or for health care research can potentially leave their information vulnerable to threat actors.

Customers provide the company with a saliva sample for analysis of ancestry, family traits and potential health risks. Eighty percent of people also agree to have their genetic data used for research on diseases, such as Parkinson’s and lupus, according to 23andMe.

“People don’t, I think, appreciate how large the genetic information for a person is,” Mark Gerstein, a professor of biomedical informatics at Yale University, said on Saturday.

“In theory, if there’s a mess-up with your credit card or Social Security number, you get a new one, it can be fixed,” Professor Gerstein said. “But there’s absolutely no way to get a new genome.”

If a threat actor was able to access a genome, which contains DNA information, one of the biggest concerns is that someone’s medical characteristics and potential for health risks, he said, like psychosis or heart disease, could be revealed.

Though a genome does not change, the technology that is able to analyze it continues to advance and more precisely interpret the material.

Andy Kill, a company spokesman, on Saturday said the company adheres to the rules regarding the data that it gains.

“We follow laws that regulate the data we collect and believe strongly that customers should have the choice and ability to decide how their data is used,” he said. “Nothing about that commitment has changed.”

After 23andMe went public in 2021, its value briefly topped $6 billion, but today its shares are worth less than $1 each. In a statement released in August, the company said that its revenue for the first quarter of the 2025 fiscal year totaled $40 million, about 34 percent less than the same period the year before.

Part of the drop in earnings was attributed to fewer test kits being ordered, which comes on the heels of a data breach last year that targeted Jewish and Chinese customers, according to a class-action lawsuit.

In December 2023, hackers were able to gain access to the personal information of nearly seven million profiles by recycling old passwords that 23andMe customers had used on other sites that had been compromised. The company said in a statement at the time that it was taking steps to further protect data.

“23andMe, in addition to our own strict privacy and security protocols, is subject to state and federal laws that require similar or more protective privacy and security program requirements than HIPAA,” Mr. Kill said, referring to the Health Insurance Portability and Accountability Act.

Although some laws are enforced by individual states, Mr. Kill said that “23andMe took additional steps to apply them to all 23andMe customers globally.”

Genome structures are complex, and the path to unearthing sensitive information from them is far from simple. But it’s hard to tell what might be accessible to someone with the right tools.

Looking at a genome can reveal a complicated structure, akin to ones and zeros of binary code, Professor Gerstein said. That might make it seem like the information is harder to glean than from a personal tech device.

“Superficially, there might be a comforting aspect to that, as opposed to if I peek in your email box,” he said. However complex the genome is, though, it can still hold sensitive private data.

“In the longer term, maybe it actually is more revealing,” he said.

Explore Our Business and Tech Coverage

Dive deeper into the people, issues and trends shaping the worlds of business and technology.

• Malcolm Gladwell’s New Book: As he releases “Revenge of The Tipping Point,” the best-selling journalist talks about broken windows theory, Joe Rogan and changing his mind.
• 5 Days With Elon Musk on X: Almost a third of 171 posts over a five-day period made by the X owner were false, misleading or missing vital context.
• U.S. Ramps Up Hunt for Uranium: Miners are aiming to meet a growing demand for emissions-free energy without a reliance on Russia, though a failure to clean up old sites haunts the industry.
• Mark Zuckerberg’s Political Evolution: Meta’s chief executive, once a backer of liberal causes, wants to stay away from politics, and his company has de-emphasized political content on Facebook, Instagram and Threads.
• Jony Ive After Apple: Five years after leaving the company, the iPhone designer is forging a new life in San Francisco, one imaginative building at a time.