23andMe, one of the most prominent consumer genetic testing corporations, recently declared bankruptcy protection under Chapter 11 after years of monetary challenges and a highly publicized breach of data security that compromised the delicate genetic material of millions of applicants. While 23andMe’s ambition was to furnish users worthwhile insights into their lineage and well-being, this predicament emphasizes serious concerns regarding cyber protection that could have long-lasting repercussions for patrons who have utilized the platform.
If you’ve submitted your DNA to 23andMe—or any other genetic testing service—you may be pondering: Is my information still protected? The reality is, right now is the ideal time to take action and shield your most intimate facts by considering deleting your genetic material from their records.
What Happened to 23andMe?
In October 2023, 23andMe suffered a major data breach where hackers accessed sensitive genetic data from over 6.9 million users. The breach was linked to credential stuffing attacks—where cybercriminals used previously compromised login information from other platforms to access 23andMe accounts.
Hackers exposed sensitive data, including:
- Names and personal information
- DNA relatives and genetic relationships
- Ancestry information
- Health-related insights derived from DNA
Despite implementing some security improvements, the damage had already been done. The breach created a serious cybersecurity risk, leaving users vulnerable to identity theft, phishing attacks, and potentially even genetic discrimination.
Why DNA Data Is a Cybersecurity Concern
DNA is the most personal form of data anyone can share. Unlike credit card information that can be canceled or changed, your genetic data is immutable and permanent. If it falls into the wrong hands, it could be used for unethical purposes, including:
- Identity theft or impersonation: Hackers could potentially use genetic data to create convincing phishing attacks or manipulate individuals.
- Targeted attacks or extortion: Cybercriminals may use sensitive health or ancestry information to target or blackmail users.
- Future misuse by third parties: Even if 23andMe sells its assets or transitions to new ownership, it’s unclear how DNA data will be handled.
How to Delete Your DNA Data from 23andMe
If you’re concerned about your privacy and want to prevent further risks, deleting your data is the safest course of action. Here’s a step-by-step guide to doing it:
Step 1: Log In to Your 23andMe Account
- Go to 23andMe’s website and log in with your credentials.
Step 2: Download Your Data (Optional)
- If you want to keep a copy of your DNA data before deleting it, go to Settings > Download Your Data and follow the instructions.
Step 3: Delete Your Data
- To request data deletion, navigate to Settings > Privacy & Data.
- Look for the “Delete Your Data” option and follow the prompts.
- Confirm your request. Once your data is deleted, it cannot be recovered.
Step 4: Opt-Out of Research (Optional)
- If you’ve consented to research participation, you may also want to withdraw your consent under Privacy & Preferences to ensure your data is not used in future studies.
Why You Should Act Now
With 23andMe facing bankruptcy, there’s uncertainty about how user data will be handled in the future. Deleting your data now ensures that even if the company changes hands or its assets are sold, your sensitive genetic information is not part of the deal.
23andMe's circumstances illustrate that even enterprises with earnest objectives can endure wrecking security violations. Taking the reins of your genetic dossier presently is a pivotal action in reserving your secrecy moving ahead.
If you’re ready to protect your genetic data, take the steps outlined above and make cybersecurity a priority.