US Regulators Tell 23andMe to Protect Genetic Data

The US Federal Trade Commission (FTC) has issued a stern warning to genetic testing firm 23andMe, urging the company to protect its customers' personal information and biological samples as it navigates bankruptcy. The move comes amid concerns over the company's handling of sensitive genetic data following a major data breach two years ago.

In a letter to 23andMe's bankruptcy trustees, FTC Chairman Andrew Ferguson emphasized that any sale or transfer of user data during the bankruptcy process would be subject to the representations made by the company about its commitment to privacy and data security. Ferguson noted that 23andMe assures users that the company does not share their personal information with third parties without explicit user permission or a valid court order.

The FTC's intervention is a significant development in a saga that began when 23andMe filed for bankruptcy this month. The pioneering US company, which was once at the forefront of the DNA testing craze, has been struggling to maintain its customer base as the testing market has declined in recent months. The company claims 15 million customers and has seen its sales decline significantly since its public listing in 2021.

23andMe's financial woes have been compounded by a major data breach that saw 6.9 million accounts compromised, including sensitive information on genetic matches. The hackers used customers' old passwords to gain access to data containing names, sex, birth year, location, photos, health information, and genetic ancestry results.

In response to the breach, 23andMe agreed to pay approximately $37.5 million to settle claims related to the incident. However, the company's struggles have led to significant staff layoffs, with over 200 employees dismissed in November alone. The company has also suspended its research programs as it seeks a buyer.

The FTC's warning underscores the importance of protecting genetic data and ensuring that companies prioritize their customers' privacy and security. As the use of DNA testing and genomics becomes increasingly widespread, regulatory bodies must continue to monitor and enforce strict standards for data protection.