It all started in May 2024. A coalition made up of no less than 27 states filed a lawsuit against, you guessed it—the genetics giant 23andMe. The reason is that, allegedly, the company failed to protect users’ sensitive DNA data. As claimed in the lawsuit, a staggering 7 million people, including 1 million with ancestry tied to China and with Ashkenazi Jewish heritage, were left exposed. So, what happened? What were the errors, and what has the trial solved? Let’s unravel everything here, together.
1. What Happened In The 2023 Breach?
In 2023, hackers were said to have accessed personal information via credential stuffing. They, as said in the report, used previously stolen usernames and passwords from other breaches. And what did they do afterwards? They stole numerous names, birthdates, locations, and ancestry data from millions of profiles! The sole purpose was to sell this data on the dark web.
2. DNA Makes This Dangerous
DNA is one of the only things that can ever be changed, ever. Once this data is leaked, it’s compromised forever. And it reveals family lineage, identity, predisposition to illness… an easy way to target a plethora of things, from insurance and employment to targeted scams.
3. The States Are Suing
There are a number of reasons why the states are suing. The main ones are failure to implement proper security, failure to properly inform customers, violation of data protection laws, and the faulty trade practices found. In the lawsuit, it is stated that 23andMe prioritized growth over caution, leading to disastrous results.
4. Is 23andMe To Blame?
23andMe responds by saying it was the customers’ responsibility. The reasoning behind their argument is that hackers got “in” by using outside data leaks. However, critics clap back and say that 23andMe didn’t use multi-factor authentication or at least a warning system. Hence, they allowed users’ family trees to be scraped clean.
5. Your Cousin’s DNA Exposes You Too
No, no one is safe. 23andMe especially encourages DNA sharing through the family match feature. Hackers didn’t need much, just a few accounts, and they got their hands on extensive family trees. So now, the lawsuit is in pursuit of whether these networked features are safe at all.
6. Class-Action Suits
It’s not just the state lawsuit either. Victims, too, are coming forward to say they weren’t notified or protected as they should’ve been. In return, they are demanding damages, reforms, and new, improved safeguards. Spam and scam alerts using people’s private ancestry details are already taking place.
7. 23andMe’s Stock Is At An All-Time Low
It was valued at over $6 billion. Now, it is barely scraping by. Investors are losing confidence in 23andMe due to the multiple lawsuits and public scrutiny. As of June 2025, the company is struggling to regain trust, and its reputation is still at rock bottom.
8. Not Just 23andMe
Companies like Ancestry, MyHeritage, and FamilyTreeDNA are now under increased scrutiny. It’s not just a one-time incident but something more profound, a question about public safety. How safe is our genetic information really? Is the entire family tree just one leaked password away from being compromised?
9. FTC Might Step In
The Federal Trade Commission has the potential to interfere. They are closely watching, and should 23andMe be found liable, then that would spark policy changes for DNA and biometric companies across the nation. We have the potential to see new federal standards for genetic data protection.
10. Your DNA Is Valuable
23andMe could’ve been perceived as a harmless company, just telling you about your roots. But that’s not the whole truth, since with your DNA known, it sells anonymized data to pharmaceutical companies. With this, they develop new drugs. So, another question arises. Who profits from your genes?
11. Hackers Use Your DNA Against You
It is hard to believe, but it is true. Theoretically, with your DNA exposed, they can use it in identity theft, insurance, health discrimination and predictive targeting. Experts are saying that DNA phishing can become the next step in the evolution of cybercrime.
12. International Risks
Exploiting ethnic or medical data for discrimination purposes is also a big possibility. People who fall into certain categories, such as military, minorities, and public officials, can become targets overnight. The Chinese government has already been linked to this genetic surveillance.
13. DNA And Insurance
U.S law does not allow health insurers to use genetic information, but life and disability insurers don’t have to follow this law. So, if DNA data gets into private databases, then these insurers are legally free to assess your future risks without your consent. This is the situation, as under GINA, 2008.
14. Your Children’s DNA
Uploaded data is not just yours. It can potentially be your parents’, your siblings’, and your children’s DNA. So, people who never really gave consent or were made aware of the risks can be exposed to these threats. This lawsuit highlights another really important thing; that your family’s genetic map can be owned by multiple parties.
15. Congress Might Act
They are being pressured into creating a Genetic Privacy Act. This can include the limiting of DNA sales, a strengthening of breach penalties, requiring biometric opt-ins, and banning the long-term retention of data. So, this lawsuit is pushing Congress into taking action.
16. Should You Delete Your Data?
The short answer is: only if you want to. Experts are recommending taking these steps to ensure increased safety. First, change your password and enable 2FA. Make sure you read the fine print on sharing and storage policies. If these are found to be unsatisfactory, then request the deletion of your genetic data. Some platforms are trickier than others when it comes to deletion, so act now if you are concerned.
17. Changes To Digital Privacy
Should your genetic blueprint be vulnerable, then everything is. That is why biometric security is paramount in this day and age. Facial recognition, fingerprints, and voiceprints—it’s about your whole identity. It’s the future of it, which goes beyond genes and stored information.
18. DNA Is Power
Everyone wants access to what makes you, you. From hackers to insurers to governments, they all have the potential to profit exponentially from this. The lawsuit wishes to highlight that genetic privacy is basically Civil Rights 2.0. With someone controlling your DNA, they control your future, be it medical, social, or financial.
19. What Happens Next?
This lawsuit is far from over. But momentum is building. Should the 27 states win, then it will be referenced in all biometric privacy cases moving forward. It doesn’t matter if you’re a DNA test user or not; in this digital age, everyone is affected. So, guard it like your life depends on it. Because truthfully, it might.