WWhat's 23andMe's next hat? Most people know this biotech company as a genetic testing service. The story of a man who sends a cheek swab through the mail and discovers that the parents who raised him were not his biological parents has become something of a millennial horror genre. Of course, most 23andMe experiences aren't that dramatic. The company says more than 14 million people have used the service to learn more about their ancestors.
But this month, 23andMe revealed it was facing major financial troubles, and more information emerged about the company's devastating security breach last year. Now, customers may be wondering, “Can I trust his DNA on 23andMe?”
DNA's “bait-and-switch”
Last week, 23andMe reported dismal third-quarter results, and the company's stock price fell, CNBC reported. The company's financial difficulties come down to longevity issues. The company's most famous service, DNA ancestry testing, is a one-time transaction. After being tested, there is no reason for consumers to continue paying for his 23andMe, and it has reached a kind of plateau.
Despite this, company CEO Anne Wojcicki told Wired she remains “optimistic” about 23andMe's future.
At-home DNA testing is so popular that you can even order one for your dog. 23andMe was the first company to offer this service in 2007, and now an estimated 1 in 5 Americans has tried genetic testing at home. Some customers handed over personal data that Wojcicki and others used for purposes other than family reunions.
From 2018 to 2023, 23andMe partnered with pharmaceutical giant GlaxoSmithKline to help develop drug targets using customers' genetic information. (Drug targets are molecules involved in a disease. Researchers use them to develop treatments for specific diseases.) This year, the partnership became non-exclusive. This means 23andMe can sign deals with more drug companies and squeeze more money out of them. From the treasure trove of DNA.
“This is a real resource that different organizations can apply to their own drug discovery,” Wojcicki said, adding that 23andMe is interested in researching inflammation and immunology, particularly asthma.
23andMe already has two cancer drugs in clinical trials. The drugs were created from users' genetic data. But 23andMe users may not realize that the spit they gave the company months or years ago is being used to make more money.
As health reporter Kristen V. Brown wrote in Bloomberg in 2021: Now they are being subjected to a bait-and-switch because their genes form the basis of potential cancer treatments. ” (Since 2021, the number of customers who have checked this box has increased to 10 million, according to Wired.)
Customer can withdraw consent
Americans tend to believe that their health data is protected by Hipaa, the medical privacy law. So must his 23andMe, with its official-looking cheek swabs and remote labs. However, 23andMe is not a healthcare provider. The same rules don't apply.
“There are no serious safeguards or regulations when it comes to the collection and sale of truly sensitive personal data,” said Suzanne Bernstein, a legal researcher at the Electronic Privacy Information Center. “For 23andMe, this is nefarious. [data] A breach constitutes a security issue, but so does a company sharing your information with a third party you don't know. Customers may technically agree to share their data by agreeing to terms of service, but it's very long and many people don't read it. ”
Some people may feel honored to have their genes used in cancer research. Some people may feel cheated because they paid about $229 for a DNA test kit and 23andMe is using their health data for free. Torin Klosowski, a security and privacy activist at the Electronic Frontier Foundation, said 23andMe could do more to help customers better understand the move before opting in.
“The fact that so many people are surprised by the amount of data being leaked elsewhere is evidence that 23andMe isn't explaining things very clearly,” he said.
Klosowski added that users can opt out of 23andMe's use of their data long after they have shipped their DNA swab, but that information may already have been used for research purposes. “You can ask 23andMe to stop using your information, but you cannot ask 23andMe to remove your sold data from its lists,” he said.
23andMe claims that users are asked to select a survey at the time of purchase, and that all personal data is stripped of identifying information before being shipped for analysis. Your data will not be used without this consent, which may be withdrawn. The company's research division is also overseen by an “independent and impartial” review board. (23andMe did not respond to a request for comment.)
Data breaches lead to class action lawsuits
The 23andMe security breach is still on the minds of many customers. Approximately 7 million customer profiles were hacked last year. Over a five-month period, hackers accessed the personal information of up to 5.5 million people who opted in to one of 23andMe's most famous features: the opportunity to find relatives, as well as their health records, including career status reports. I was able to.
The New York Times reported that customers of Chinese and Ashkenazi Jewish descent were targeted in the breach, and their information appears to have been sold on the dark web. Some of these users recently filed a class action lawsuit against 23andMe, alleging the company failed to notify them of the exposure.
As The Guardian reported on Thursday, 23andMe in a letter to customers downplayed its responsibility for the hack and made claims about the health information that was accessed. “It cannot be used for the purpose of causing harm. The company also criticized customers for “carelessly recycling their passwords and not updating them,” which one former customer called “morally and politically foolish.”
Wojcicki did not speak directly about the breach because the lawsuit is pending, but he told Wired that 23andMe introduced two-factor authentication and forced customers to reset their passwords. “Data privacy and security has always been a very high priority and continues to be a high priority for the company, and we intend to invest further in it,” she said.
Are 23andMe's security problems spelling the end for a company once hailed by Time magazine as the “invention of the year”? Whether or not customer privacy concerns are well-founded, the company's performance is CNN reports that the situation is rapidly deteriorating and the company could be delisted from the Nasdaq if its stock price does not rise.
Dominic Sellitto, a clinical assistant professor at the University at Buffalo who specializes in digital privacy, believes that if 23andMe survives this year, it will be thanks to data mining. “There is a lot of demand and funding for data, especially high-quality health data,” he said. “If 23andMe continues this monetization, it will be a golden ticket in 2024.”