In a high-profile move, genetic testing giant 23andMe has filed for Chapter 11 bankruptcy, leaving more than 15 million customers wondering what will happen to their most personal data—their DNA. While the company claims it will continue to protect user information, privacy experts and regulators aren’t so sure.
For small to mid-sized business owners—especially in regulated industries like finance, healthcare, law, and education—this should be a wake-up call.
The Bigger Issue: Data Is an Asset—and a Liability
23andMe built its business by collecting and storing one of the most sensitive data types imaginable: genetic information. Now that its assets (including customer data) may be sold off during bankruptcy proceedings, there’s growing concern that this data could fall into the wrong hands.
This highlights a much broader and more relevant issue for business leaders:
If your business collects and stores sensitive data—whether client records, financial data, or protected health information—you could be the next target.
What Went Wrong?
- September 2024: 23andMe agreed to pay $30 million to settle a lawsuit over a 2023 data breach that exposed 6.4 million customer profiles.
- January 2024: The company confirmed attackers accessed raw DNA data and health reports through credential-stuffing attacks.
- November 2023: 23andMe controversially changed its Terms of Use to limit legal action from customers.
Despite promises to safeguard data, 23andMe’s track record tells another story—and now, that data could be up for grabs.
California and UK Regulators Urge Customers to Delete Data
The California Attorney General has issued a consumer alert urging 23andMe customers to delete their data and revoke consent for future research. Meanwhile, the UK’s Information Commissioner’s Office (ICO) reminded companies that under laws like GDPR, data privacy obligations don’t go away—even during bankruptcy.
“Genetic information is among the most sensitive personal data individuals share,” said Stephen Bonner, Deputy Commissioner of the ICO. “Companies handling this data must follow strict governance and security standards.”
Why This Matters for Your Business
Whether or not your company handles DNA data, the takeaway is clear: Data privacy is non-negotiable—and failure to protect it can lead to devastating consequences, including:
- Regulatory fines
- Lawsuits
- Reputational damage
- Loss of client trust
If you’re still relying on outdated systems, patchwork security tools, or unvetted IT vendors, you’re playing with fire.
How to Safeguard Your Business Now
Here are four practical steps to avoid becoming the next cautionary tale:
- Get a Security Risk Assessment: Identify weak points in your network before attackers do.
- Enforce Multi-Factor Authentication (MFA): Most breaches start with compromised passwords.
- Back Up Data Securely: Regular backups can prevent ransomware from destroying your operations.
- Partner with a Trusted MSP: Managed Service Providers like us specialize in compliance, data protection, and business continuity.
Don’t Wait for a Crisis to Take Action
At Iler Networking & Computing, we help companies like yours stay protected, compliant, and stress-free. From cybersecurity to data compliance to managed IT services, we’re here so you never have to worry about being the next 23andMe.
Book a free consultation today and let’s talk about locking down your data—before someone else gets to it.
Click here to schedule now or call 440-322-4537 to get started.