What Really Happened to 23andMe? From DNA Kits to Data Breach and Bankruptcy

If you’ve ever spit in a tube for a DNA test, chances are you’ve heard of 23andMe. They were once the go-to company for learning about your ancestry, health traits, and even distant relatives. But fast-forward to 2025, and 23andMe is no longer the genetic giant it used to be. What happened?

Let’s break down how a major data breach shook the company to its core and eventually led to bankruptcy.

It All Started with a Breach…

In late 2023, 23andMe was hit with a major data breach that affected about 6.9 million users. But here’s the twist: it wasn’t some high-tech hack from the movies. Instead, hackers used a method called credential stuffing meaning they took compromised login info from other websites and tried them on 23andMe. 

Once they were in, the attackers accessed a goldmine of personal and genetic information, including names, birth years, locations, and even family ancestry. Some of this data got leaked online. That leak raised serious red flags at 23andMe.

The Fallout: Losing Trust, Users, and Money

After the breach, people were understandably furious. Who wants their DNA info floating around the dark web? The company faced lawsuits, including a class-action settlement that could cost them up to $30 million. Users started jumping ship, and new sign-ups took a nosedive as customer trust was no longer present with this company. 

To make things worse, the genetic testing boom had already slowed down. 23andMe tried to pivot into drug development and telehealth but those ventures were expensive and didn’t pay off fast enough.

By early 2025, the company was bleeding money. They laid off nearly half their staff and, eventually, filed for Chapter 11 bankruptcy.

A New Chapter (Sort Of)

In a surprise twist, pharma giant Regeneron stepped in to buy 23andMe for $256 million. That’s a far cry from their $6 billion valuation back in the day. Regeneron says they’ll keep the consumer DNA services running and protect users’ genetic data. Time will tell how that plays out.

So, What’s the Lesson Here?

Data security isn’t just about emails and passwords anymore. When you’re dealing with something as personal as DNA, trust is everything. 23andMe learned that the hard way.

If you’re using any kind of health or ancestry service, it’s a good reminder: use strong, unique passwords, enable two-factor authentication, and stay informed about how your data is being used.

What are your thoughts? Would you still use a genetic testing service after all this?

#CyberDefense #InfoSecForAll #CustomerTrust  #Cybersecurity #DigitalSafety #SecurityRaptors