The recent turmoil surrounding 23andMe has raised serious concerns about the privacy and security of genetic data. In March 2025, the company filed for bankruptcy, leaving many users worried about what will happen to their sensitive information. This follows a massive 2023 data breach that compromised the personal and genetic information of millions of users. Given these alarming developments, now is the time to take control of your data and permanently remove it from 23andMe’s servers.
23andMe’s Data Breach: What Happened?
In 2023, hackers accessed the personal data of nearly seven million users. This breach exposed sensitive information, including full names, birth years, ancestry results, and health-related genetic data. While 23andMe initially downplayed the breach, further investigations revealed that the attackers had leveraged credential-stuffing attacks, using previously leaked passwords to gain access.
This breach raised serious concerns about how securely 23andMe stores user data and whether the company can be trusted to protect such personal information. Now, with its 2025 bankruptcy filing, the risks of leaving your DNA data on the platform have only increased.
Why 23andMe’s Bankruptcy Poses an Even Bigger Risk
When a company files for bankruptcy, its assets—including customer data—can be sold to pay off creditors. This means your genetic information could potentially end up in the hands of unknown third parties, such as biotech firms, pharmaceutical companies, or even data brokers. While 23andMe claims it does not sell individual genetic data without explicit consent, bankruptcy proceedings create uncertainties.
Additionally, the company’s financial struggles may impact its ability to maintain security protocols. Without adequate resources, 23andMe may not be able to properly protect the data it still holds, increasing the risk of future breaches.
To safeguard your privacy, deleting your data from 23andMe is the best course of action.
How to Delete Your Genetic Data from 23andMe
If you have an account with 23andMe, follow these steps to permanently remove your genetic data:
Step 1: Log Into Your 23andMe Account
Go to the 23andMe website and enter your login credentials.
Step 2: Access Your Account Settings
- Click on your profile picture in the top-right corner.
- Select “Settings” from the dropdown menu.
Step 3: Navigate to the 23andMe Data Section
- Scroll down to the bottom of the Settings page.
- Find the “23andMe Data” section and click “View.”
Step 4: Download Your Data (Optional)
- If you want to keep a copy of your genetic data, you can select specific files to download before deletion.
Step 5: Delete Your Data
- Scroll down to the “Delete Data” section.
- Click “Permanently Delete Data.”
Step 6: Confirm Deletion Request
- You will receive an email from 23andMe.
- Open the email and click the confirmation link to finalize the deletion process.
Once you complete these steps, your genetic data will be permanently deleted from 23andMe’s active database. However, it is important to note that some information may still be retained for legal or regulatory purposes.
What Happens After You Delete Your 23andMe Data?
23andMe states that once a user requests deletion, their data is removed from its active databases within 30 days. However, the company may still retain certain records due to legal requirements. If you previously consented to participate in research studies, your anonymized genetic data may already be in use and cannot be fully erased.
How to Revoke Research Consent on 23andMe
If you agreed to share your genetic data for research purposes, you should also withdraw your consent:
- Go to “Settings.”
- Scroll to “Research Consent.”
- Click “Withdraw Consent.”
This prevents 23andMe from using your DNA for any future research studies.
What Are the Risks of Keeping Your DNA on 23andMe?
Leaving your genetic data on 23andMe poses multiple risks:
1. Future Data Breaches
23andMe has already suffered one major data breach. There is no guarantee that it will not happen again, especially as the company faces financial difficulties.
2. Third-Party Data Sales
If 23andMe sells its assets due to bankruptcy, your genetic data could end up in the hands of unknown third parties.
3. Privacy Violations
Your DNA contains highly personal information that could be used for discriminatory practices by employers, insurance companies, or government agencies.
4. Lack of User Control
Once your genetic data is out there, you have little control over how it is used. Even if you delete your data now, some third parties may already have access to it.
Frequently Asked Questions (FAQ)
Can 23andMe Refuse to Delete My Data?
23andMe is required to delete user data upon request. However, certain legal obligations may allow them to retain some records.
How Long Does It Take for My Data to Be Deleted?
23andMe states that genetic data is removed from active databases within 30 days after a deletion request is confirmed.
Will Deleting My Data Remove My DNA from Research Studies?
No. If you previously consented to participate in research, your anonymized data may still be used. You must manually withdraw research consent under your account settings.
Can I Trust Other DNA Testing Companies?
While companies like AncestryDNA and MyHeritage claim to have strong privacy policies, no genetic testing service is completely risk-free. Users should carefully review their privacy policies before sharing genetic data.
Final Thoughts: Take Action Now
The risks of leaving your genetic data on 23andMe far outweigh any benefits. With the company now in bankruptcy and facing serious privacy concerns, the safest course of action is to delete your DNA from its servers immediately.
Follow the steps outlined above to permanently remove your data and protect your personal information from potential misuse. Additionally, always stay informed about privacy risks when using genetic testing services.
Featured image credit: DepositPhotos.com
