As you may have heard, on Sunday, March 23, 2025, 23andMe entered a voluntary restructuring under Chapter 11 of the United States bankruptcy code. Simultaneously, Anne Wojcicki resigned as CEO.
Predictably, the media had a field day with this story, stoking panic and urging users to delete their data. Muckraking news outlets even falsely claimed that the Attorney General of the State of California told users to do just that.
This is simply not true. You can read AG Rob Bonta’s statement for yourself here. Rather, he “reminds Californians of their right to direct the deletion of their genetic data under the Genetic Information Privacy Act (GIPA) and California Consumer Privacy Act (CCPA). Californians who want to invoke these rights can do so by going to 23andMe’s website.” He’s not warning anyone to do anything; he’s reminding us of our legal rights. It’s up to us to decide whether to exercise them.
Many friends, clients, and readers have reached out to me privately to ask for advice. Ultimately, it depends on your comfort level with uncertainty, but here’s my thinking:
- I am not deleting my kits. At least not yet. I’ll let you know if I do.
- Under California law, we’ll still have the right to delete our kits a week or a month or a year from now, so I’m not going to make any rash decisions.
- 23andMe’s Chapter 11 restructuring was voluntary, not forced. That’s a good thing. We know the company is in financial trouble, not least because of an attack in 2023, but not so much trouble that it’s shutting down. Instead, it’s restructuring and looking for a buyer to continue its mission.
- As 23andMe themselves say in an open letter to the community, the company continues to operate as normal—with the same user access and privacy protections as before—while it looks for a buyer.
- Anne Wojcicki resigned so that she can bid to buy 23andMe herself. She co-founded the company and hasn’t given up on it.
- 23andMe was a Gold Sponsor at RootsTech 2025 in early March. Not only have they not abandoned the genealogy community, they announced new features, like updated diasporic genetic groups, historical matches, records and archives hints, and (to come) ancestry reconstruction.
- Lest we forget, 23andMe is the only major DNA database that hasn’t been sold at some point. Ancestry was purchased by the Blackstone Group in 2020, and the world did not end. Nor did it end in 2021, when MyHeritage was acquired by Francisco Partners and FamilyTreeDNA by myDNA. GEDmatch has been sold twice: to Verogen in 2019 and again (as a subsidiary of Verogen) to Qiagen in 2023.
- Most importantly, everything that happens from here on out will be supervised by a US Bankruptcy Court. We’re not going to wake up tomorrow to find out that our data is owned by an offshore shell corporation for space aliens wanting to clone us.
That said, if you want to delete your data, that’s your choice entirely. The California AG’s statement explains how. Be sure to download your raw data first and store it in a secure place for future use.
You can also gather your match data using a third party tool like DNAGedcom for only $5/month.
Many users will upload their raw data to other sites, like MyHeritage, FamilyTreeDNA, and GEDmatch. However, they should be aware that US federal agents operate in those sites, often against Terms of Service and user consent restrictions. It’s highly likely that agents of other governments and entities are doing the same.
In summary, this is a time to stay calm, take stock of what’s happening, and make measured decisions once we have more information.
I agree completely with almost everything you said here. I might take issue with the statement, “… they not abandoned the genealogy community…” I felt that in the wake of the data breach, it appeared the “legal department” bullied its way into the picture and forced them to disable many features that were critical to the genealogy community. From my perspective, much of that action wasn’t necessary and amounted to a major affront to the genealogy community.
I’m still keeping all kits I control in their system, but I sure felt abandoned when key features were disabled. If they want to show support for the genealogy community, they need to show that support.
Unfortunately, the chromosome browser was the main weakness allowing the attacker to scrape so much personal genetic information. I wasn’t hacked myself, but any health markers I share with someone who *was* hacked is now out there.
Did the 23andMe’s chromosome browser show exact values on shared segments or is it just a pseudo-problem when nobody cannot get practically no private information from start-end positions of the shared segments? At most, he can wallpaper a room with it…
This post explains how one hacked kit can be used to infer genetic conditions in other people using a chromosome browser. https://thednageek.com/cystic-fibrosis-a-case-study-in-genetic-privacy/
Yes, but as it suggests in the bullet list, this is more of an artificial problem than a real risk.
I also don’t understand if both “distant cousins” were verified to be carriers or if it was just deduced from sharing the same segment – with very high probability that the shared segments of 7.5 cM and 8.3 cM are IBC and the persons don’t share the specific allele at all.
While you are correct that smaller segments could be IBC, there’s less than a 9.7% chance of that for the 7.5-cM segment and less than 6.4% chance for the 8.3-cM segment (using FTDNA’s false positive rates reported in 2021). For any segment more than 15 cM, the chances that the other person does *not* carry the mutation is almost nil.
Really? According to several researches I have read, more than 50% of 7cM are IBC. I see it on my matches that only very small amount of my <10 cM match some of my parent.
This page refers to something similar (https://isogg.org/wiki/Identical_by_descent) that only 62% of 8 cM segments survived the phasing of both sides, thus 38% were IBC.
And even if 15 cM segment has very low probability of being IBC, if the chromosome browser shows the full shared segment it does not mean that you share this one specific allele related to some genetic disease.
So the most important question here is – were both distant cousins verified to be carriers or was it just deduced without any evidence?
Different sources give different figures for IBC. The ones from FTDNA are the most recent I’m aware of. That ISOGG table is more than a decade old.
You are right, but 8 cM is still 8 cM, this won’t change over years. But it highly depends on data used for this statistics. Number of SNPs overlap of both kits is also very important factor not often mentioned in these statistics. The percentage also depends on whether both kits were phased or not.
I read some opinions that values from FTDNA paper are too optimistics to be true and it’s also not obvious how they were actually computed. Ancestry paper from 2020 says that about 30% of 7 cM are false.
Actually, the estimated size of a segment might change over the years with improved IBD detection or an updated genetic map.
You are correct that false positives are a consideration, however (1) I believe you are overestimating the false-positive rate and (2) even if one or both of those segments were false positives, it doesn’t change the fact that we can infer genetic conditions in total strangers using a chromosome browser.
Thank you for this Leah!
I’ve been patient with a wait and see attitude, for you and other respected geneologists to chime in officially. Although I have seen some of your comments on FB group(s) and those comments absolutely support what you’ve just posted…and fully support
my position.
I think alot of people don’t understand how that data breech came about and now they see the Chapter 11 filing and think the company is bad. It is not. I’m on all the platforms(and subscribe to your tools as well). Every single DNA platform has been super helpful in many of my projects, both family tree building and very successful unknown parentage searches…Ancestry was enough…it took “a village”!
As for that breech, that could’ve happened to any of the sites. I for one, changed all my cross platform passwords and thankfully, although irritating, they’ve all moved to 2 factor authentication.
I am leaving all of my 23andme tests and accounts intact until I see real reason to delete them. Sad though that I’ve seen some of my “relatives” have left as they don’t feel as safe.
Thank you for your comment. I waited to post because I wanted time to mull things. Unfortunately, that left time for the fear mongers to get traction.
Yeah, that makes sense. Fear mongers just can’t sit back and wait for all the information.
You cannot be blamed for that! Keep on doing what you’re doing, Leah. So appreciate it. 🙂
I meant to say “Ancestry was NOT enough” [to solve my projects…]!
Thanks for this. The NYTimes Wirecutter article probably sent many into a panic. I knew to wait to hear what you had to say. There are also people out there saying that even if you delete your data, the company will still have it. Fearmongers everywhere.
Thank You. Best of luck for a brighter future.
Thanks so much for your calm analysis Leah. I’ll make sure to pass along your advice. I have not deleted my data and will not, unless a bad actor buys the company.
Thanks again