Loading…
Loading…
Loading…
Loading…
Loading…
Loading…
Free to get started. No card charged today.
Browse 8,265 companies freeA deep investigation into 23andMe's data collection, privacy violations, and surveillance practices. Founded 2006 in Sunnyvale, California.
Upgrade to SeekerPro for deep-dive reports on every company that touches your data. Members get breach timelines, violation histories, privacy risk scores, and executive contact data before anyone else.
Try SeekerPro →23andMe is a consumer genetic testing company that collected DNA samples and genetic data from approximately 15 million customers before filing for bankruptcy protection in March 2025. The company stored one of the most sensitive datasets in commercial history: the complete genetic profiles of millions of individuals, including health predisposition reports, carrier status for genetic conditions, and ancestry composition data that can identify ethnic heritage. In October 2023, a data breach exposed the personal information of 6.9 million users, including names, birth years, ancestry results, and, for some users, health-related genetic data. The breach exploited credential stuffing attacks on accounts that reused passwords. The bankruptcy filing created an unprecedented privacy crisis as the company genetic database became a corporate asset to be sold to the highest bidder, with no clear legal framework ensuring customer genetic data protections would survive a change of ownership. DNA data is the most permanent form of personal data in existence because it cannot be changed, reset, or deleted. It identifies not just the individual but their biological relatives, ethnic heritage, and health predispositions. Privacy advocates and state attorneys general raised alarms that the genetic data could be acquired by pharmaceutical companies, insurers, law enforcement, or foreign entities, fundamentally altering the privacy expectations under which customers originally provided their DNA.
The following is a documented list of data points that 23andMe collects from users, customers, and in some cases non-users. This data powers their business model, fuels targeted advertising, and in many cases is shared with or sold to third parties including government agencies.
Upgrade to SeekerPro for deep-dive reports on every company that touches your data. Members get breach timelines, violat...
Try SeekerPro →Run a free privacy and compliance scan on any website in 60 seconds. NexusBro checks cookie consent, hidden trackers, th...
Try NexusBro →Stop spending hours filing DSAR requests and opt-out forms manually. BliniBot automates data deletion requests, cookie c...
Try BliniBot →Below is a timeline of documented privacy violations, regulatory fines, lawsuits, and enforcement actions against 23andMe. These events represent only the violations that became public. The true scope of data misuse at any major company is almost certainly larger than what regulators and journalists have uncovered.
Data breach exposes personal data of 6.9 million users
Class-action lawsuits
Board members resign over data protection concerns
N/A (governance crisis)
Bankruptcy filing puts 15M users genetic data at risk of sale
AG investigations in multiple states
California AG warns consumers to delete data before acquisition
Advisory
You do not have to accept 23andMe's data practices. These alternatives offer comparable functionality with significantly better privacy protections. Switching reduces the volume of personal data flowing into commercial surveillance systems and sends a market signal that privacy matters.
Run a free privacy and compliance scan on any website in 60 seconds. NexusBro checks cookie consent, hidden trackers, th...
Try NexusBro →Stop spending hours filing DSAR requests and opt-out forms manually. BliniBot automates data deletion requests, cookie c...
Try BliniBot →Build compliant marketing campaigns that convert without invasive tracking. ContentMation generates privacy-respecting f...
Try ContentMation →Start by understanding what data 23andMe already has on you. Check your account settings, download your data archive if available, and review what permissions you have granted. Use OpenPublicHub to research the full scope of 23andMe's data practices and compare them against industry standards.
Disable unnecessary data collection settings, revoke app permissions you do not actively need, and opt out of personalized advertising where possible. Review connected third-party apps and remove any that you no longer use. Every permission you revoke reduces your attack surface and limits the data available for profiling.
Under GDPR, CCPA, and other privacy laws, you have the right to request access to, correction of, and deletion of your personal data. File a Data Subject Access Request (DSAR) to see what 23andMe holds about you. Use BliniBot to automate the process across multiple companies simultaneously.
The most effective protection is to stop using privacy-invasive services entirely. The alternatives listed above offer comparable functionality without the surveillance. Start with the service you use most frequently and work through the list. Every user who switches sends a market signal that privacy is a competitive advantage.
Privacy threats evolve constantly. Follow this expose and related reports on OpenPublicHub to stay updated on 23andMe's practices. Share this page with friends and colleagues so they can protect themselves too. Collective action and informed consumers are the most powerful force for changing corporate behavior.
No. 23andMe filed for bankruptcy in March 2025, putting the genetic data of approximately 15 million customers at risk of sale to unknown buyers. The California Attorney General explicitly advised consumers to delete their accounts and request destruction of DNA samples before any acquisition is completed. A 2023 data breach had already exposed 6.9 million users personal data.
Log into your 23andMe account, go to Settings, and select the option to permanently delete your account and destroy your DNA sample. You should also request written confirmation that your genetic data has been removed from research databases. Act before any acquisition closes, as new owners may not honor deletion requests.
In bankruptcy, 23andMe genetic database is considered a corporate asset. While the company Terms of Service state data will not be shared without consent, bankruptcy law can override such provisions. Multiple state attorneys general are investigating whether adequate protections exist, but the legal framework for genetic data in bankruptcy is untested.
Upgrade to SeekerPro for deep-dive reports on every company that touches your data. Members get breach timelines, violat...
Try SeekerPro →Run a free privacy and compliance scan on any website in 60 seconds. NexusBro checks cookie consent, hidden trackers, th...
Try NexusBro →Stop spending hours filing DSAR requests and opt-out forms manually. BliniBot automates data deletion requests, cookie c...
Try BliniBot →Tools trusted by thousands of privacy-conscious professionals worldwide
No card charged today. Cancel anytime.
Want unlimited access? Explore SeekerPro