Customers are rushing to delete their personal data from 23andMe after the embattled DNA testing company filed for bankruptcy on March 23, 2025.
A wave of concern followed a stark warning from Harvard Law School faculty director I. Glenn Cohen, who confirmed that genetic data stored by the company is not protected under the Health Insurance Portability and Accountability Act (HIPAA).
“When you provide information, including your genetic data, to a direct-to-consumer company like 23andMe, you are not covered by HIPAA,” Cohen explained in a March 20 article. This legal loophole means customers are treated as consumers, not patients, and their data lacks the same federal safeguards.
In response, California Attorney General Rob Bonta issued a consumer alert on March 21 advising users to delete their data and destroy any stored genetic samples. “Given 23andMe’s reported financial distress, I remind Californians to consider invoking their rights and directing 23andMe to delete their data,” Bonta said.
To delete your data, log in to your 23andMe account, navigate to “Settings,” click “View” under the “23andMe Data” section, and select “Permanently Delete Data.” Confirm the action via a link sent to your email. Users can also delete stored saliva samples and revoke research consent through their account settings.
The crisis stems from a 2023 data breach that compromised genetic and personal information of nearly seven million users. The company settled a lawsuit, laid off 40% of its workforce in November 2024, and saw stock prices plunge over 70%. Former CEO Anne Wojcicki has stepped down but will remain on the board, with Joe Selsavage now serving as interim CEO.
While 23andMe has pledged to protect user data during its court-supervised restructuring, public trust continues to erode.
COMMENTS
Comments are moderated and generally will be posted if they are on-topic and not abusive.
For more information, please see our Comments FAQ