Senator Cassidy, the chair of the US Senate Health, Education, Labor, and Pensions Committee has expressed concerns about foreign adversaries, including the Chinese Communist Party, acquiring the sensitive genetic data of millions of Americans through 23andMe.
The risk is considered real because of the impending takeover of the genetic database that belongs to 23andMe. Since the DNA testing company 23andMe filed for bankruptcy it has been looking for a new owner, and views its genetic data as an asset in the possible sale.
An asset that Senator Cassidy fears could do a lot of harm in the wrong hands, as he wrote in a letter to Treasury Secretary Scott Bessent:
“The recent bankruptcy filing by 23andMe raises questions about potential buyers of its genetic database that contains the information of approximately 15 million customers. Chinese companies have already taken steps to collect genetic data across the world that could be used for adverse purposes.”
The Department of the Treasury, through the Committee on Foreign Investment in the United States (CFIUS), has broad authority to review transactions that may impact the national security of the United States.
23andMe tried to reassure customers that:
“Any buyer of 23andMe will be required to agree to comply with our privacy policy and with all applicable law with respect to the treatment of customer data.”
However, the senator fears that the company and its assets will be sold to the highest bidder which will put the information of its approximately 15 million customers at risk of falling into the wrong hands. For this reason he has asked 23andMe to answer a number of questions about the sales process, the supervision of the transfer, the ability of customers to delete their data, and the effect of the bankruptcy on 23andMe’s cybersecurity infrastructure.
For those that missed our tips the last time, I’ll repeat them here.
How to delete your 23andMe data
For 23andMe customers who want to delete their data from 23andMe:
- Log into your account and navigate to Settings.
- Under Settings, scroll to the section titled 23andMe data. Select View.
- You will be asked to enter your date of birth for extra security.
- In the next section, you’ll be asked which, if there is any, personal data you’d like to download from the company (onto a personal, not public, computer). Once you’re finished, scroll to the bottom and select Permanently delete data.
- You should then receive an email from 23andMe detailing its account deletion policy and requesting that you confirm your request. Once you confirm you’d like your data to be deleted, the deletion will begin automatically, and you’ll immediately lose access to your account.
Check if your 23andMe data was part of the 2023 breach
In 2023, 23andMe suffered a data breach that impacted up to seven million people. Found being sold on the dark web, the data reportedly included “profile and account ID numbers, names, gender, birth year, maternal and paternal genetic markers, ancestral heritage results, and data on whether or not each user has opted into 23AndMe’s health data.”
With the data, cybercriminals could learn about a person’s genealogy and potentially use some of the information to aid them in committing identity fraud.
There is no meaningful way to remove this data from the dark web. Instead, we recommend that you run a scan using our free Digital Footprint Portal to see if your data was exposed in the 2023 breach, and then to take additional steps to protect yourself.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.