Your DNA’s New Owner: What 23andMe’s Sale Means for You
At CyberStreams, we usually focus on helping small and medium-sized businesses defend against cyber threats. But this time, the threat isn't just to your company data, it's personal. It’s your DNA.
Recently, 23andMe, the popular genetic testing company, was approved for sale in a bankruptcy court. The winning bid? $305 million, paid by a nonprofit called TTAM Research Institute, led by none other than 23andMe’s own co-founder, Anne Wojcicki. That raises a big red flag, especially when you consider what’s really being sold: the genetic data of over 13 million people.
What’s Included in the Sale?
TTAM’s acquisition includes:
13+ million DNA profiles
23andMe’s Personal Genome Service
Lemonaid Health, its telehealth business
That’s not just consumer data, it’s medical-grade data. Your health history, inherited conditions, biological relationships, and more.
A Breach of Trust (and Security)
Why is this such a big deal? In 2023, 23andMe suffered a major breach, exposing the sensitive data of 6.9 million users. Attackers exploited weak password practices, no sophisticated hacking required. Just bad security hygiene.
That breach alone should’ve been a wake-up call. But now, with the company in new hands, the risks escalate. Genetic data is one of the most personal forms of information, and once it’s out, there’s no changing it.
Who Is TTAM, Really?
Some users are relieved that TTAM, a nonprofit, outbid pharmaceutical giant Regeneron. But others are more skeptical. With Wojcicki still at the helm, critics worry about a conflict of interest. Is this truly a fresh start, or just business as usual under a new name?
Adding more fuel to the fire, California’s Attorney General says the sale might violate the state’s Genetic Information Privacy Act, which requires explicit user consent before transferring genetic data. TTAM has pledged to follow existing privacy policies and notify users, but a court-appointed ombudsman warned that their nonprofit status might exempt them from some key data protection laws.
Why Small Businesses Should Care
Think this doesn’t affect your company? Think again.
In 2024, 45% of SMB data breaches involved mishandled client data, costing an average of $4.8 million. If your employees or their family members used 23andMe, that genetic data, if leaked, could be weaponized. We're talking about identity theft, discrimination, even blackmail. And because HIPAA doesn’t apply to consumer DNA firms, legal protections are limited.
Three Actions You Should Take Right Now
To protect yourself, your family, and even your business, here are three steps you need to take today:
Download Your 23andMe Data
Go to Settings > 23andMe Data > View.
Save your raw genetic data and export your Health & Traits reports as PDFs.
Delete Your Genetic Profile
Navigate to Settings > Delete Data.
Confirm via email to permanently erase your genetic profile from 23andMe’s servers.
Spread the Word
Encourage your family, friends, and employees to do the same. Awareness is your first line of defense.
Conclusion: Your DNA Is Your Identity, Guard It
The sale of 23andMe isn’t just a business headline, it’s a wake-up call. Genetic data is the ultimate personally identifiable information. You can’t reset it. You can’t replace it. And now, it’s in the hands of an organization whose motivations, and protections, are far from clear.
Whether you're a business leader or an individual, don’t wait to see how this plays out. Take action now. Protect your DNA like you’d protect your credit card or password. Because in the digital age, your biological code might just be your most valuable, and vulnerable, asset.
