A Sci-Fi Nightmare May Come True: The 23andMe Bankruptcy

https://pngtree.com/freebackground/futuristic-3d-rendering-of-dna-in-a-molecular-background-featuring-gradient-dots-and-lines-for-a-sci-fi-user-interface-concept-that-embodies-big-data_8761492.html

Imagine a world where your most personal data—your genetic makeup—isn't just stored in a secure database but is vulnerable to hackers, then utilized by companies and other individuals to use as they see fit. This scenario mirrors Patty Nicole Johnson's science fiction short story, "The Line of Demarcation," where individuals' genetic and medical data are exploited by corporations, leading to manipulation and discrimination. Unfortunately, this fictional narrative may become a reality, as shown by the recent events surrounding 23andMe, a leading genetic testing company.

23andMe backstory

In October 2023, 23andMe experienced a massive data breach, compromising approximately 6.9 million users. Hackers started a "credential stuffing attack," in which they accessed login credentials from alternative sites to gain access to customer account information such as genetic data, family connections through the “DNA Relatives” feature, and more. This breach wasn't random; it specifically targeted users of Jewish and Chinese descent, raising concerns for ethnic targeting. The aftermath the company had to deal with was severe. 23andMe faced multiple lawsuits, resulting in a $30 million settlement for affected users. (find out more here)

But… it’s just DNA?

What is so disastrous about this data leak? Unlike credit card numbers, DNA cannot be changed if compromised, making breaches like this one extremely alarming. The misuse of genetic information can lead to various forms of discrimination. For instance, in 2001, the U.S. Equal Employment Opportunity Commission (EEOC) filed a lawsuit against Burlington Northern Santa Fe Railroad (BNSF) for doing illegal genetic testing on employees who filed injury claims, to find a genetic reason for their condition (carpal tunnel syndrome). These blood tests were carried out without knowledge or consent, but if they did not comply were threatened with losing their jobs. (find out more here). Another example involves Colman Chadam, a student who was transferred from his Palo Alto school in 2012 due to genetic markers for cystic fibrosis, despite not having the disease. The school was concerned about the risk of infection to other students with active cystic fibrosis, and incorrectly shared that Colman had the disease to other parents, without the Chadam’s permission. Even with a doctor’s note, the school swiftly transferred him against his parent’s wishes. These issues, especially with genetic testing becoming more common place, require legal frameworks to prevent the misuse of genetic information. (find out more here)

As shown in the previous cases, there's a growing concern that employers, insurance companies, schools, virtually any institution might access such information to discriminate against individuals based on their genetic data. For instance, knowing an employee's genetic risk for certain diseases could influence hiring or promotion decisions, while insurers might adjust premiums based on genetic risk factors. In the “Line of Demarcation,” Doelle works at a warehouse and receives “promotions” for working efficiently. These “promotions” forcibly make her take part in the community of people with neolimbs–for some these are artificial limbs to increase a worker’s productivity, others it is a luxury and for cosmetic purposes. The most crucial part however is Doelle has a sister who is suffering from diabetes. It is treatable, but the cost for medication is extremely high due to inflation–and the numbers only keep rising. The company already houses all their employees medical information, and seeing Doelle’s medical and financial situation strategically give her a raise that just perfectly pays for her sister’s medication to coerce her in taking on surgery.

Next steps

In March 2025, 23andMe filed for Chapter 11 bankruptcy protection to sell and maximize the company's value. This would mean that 3rd party companies would have access to the sensitive information that 23andMe has. Despite the bankruptcy, 23andMe stated that they would continue normal business operations and maintain its commitment to protecting customer data (they have already put in place multifactor authorization and other safety protocols), however a major concern is that the buying party overtime may change policies as they see fit.

It is also important to realize how we as consumers can protect ourselves. For one thing, the far-reaching impact of the “credential stuffing” could have been mitigated if users used separate passwords and usernames for each site they use. It is also crucial to read privacy policies, understand how our data will be used, and advocate for stronger regulations protecting genetic information. For instance, 80% of users allowed to share their DNA results to trusted lab and research groups through the 23andMe network (find out more here). This is something that requires user consent, you can always ‘opt-out’ but any research done on your DNA will not be removed from prior papers. It is also important to realize how consumers have little control over how their DNA will be used once it is submitted, and even with the de-identification, researchers have demonstrated that it's possible to re-identify individuals from anonymized genetic information by cross-referencing with other publicly available data (find out more here). This means that even if your name isn't attached to your genetic data, determined individuals could potentially uncover your identity, leading to privacy invasions and profiling.  This is why it is important to realize that each one of our individual actions on the internet leaves a footprint, and we must stay informed and proactive if we hope to protect our data--otherwise, our world may start transitioning into that of “The Line of Demarcation.”