23andMe is a biotechnology company based in San Francisco. They are best known for providing direct-to-consumer genetic testing.
More than 30 million people have submitted their DNA to ancestry websites such as 23andMe.
The way it works is that customers provide a saliva sample that is used to generate reports about the person’s ancestry and genetic predispositions to health issues.
In 2008, the company was credited with the “Invention of the Year” by Time Magazine.
About 80% of customers who use 23andMe opt into research that could lead to new drug discoveries.
Now, I’ve said many times before that I wouldn’t share my DNA with these types of companies.
While I think it’s awesome to know your ancestry, I don’t like sharing my DNA, because there are too many security risks.
For example, in October 2023, 23andMe launched an investigation after hackers revealed they had stolen DNA data along with personal information about customers.
The hackers published a link that supposedly contained 20 million pieces of data from 23andMe.
The hackers claimed it was the most valuable data you’ll ever see, and includes photos, names, birthdays, and genetic results.
The data was for sale for $10 per account of data and could be purchased in batches of 100, 1000, and 10,000 customer profiles.
23andMe confirmed that the data listed for sale was legitimate.
The company said that many of the stolen accounts had been part of a “DNA Relative” feature.
So that hackers were also able to steal data about customers’ potential relatives that they matched with.
It’s not surprising hackers targeted 23andMe. Stealing personal data and a DNA profile is a valuable privacy breach.
Knowing that hackers could be selling your DNA profile is scary.
So, if you have used 23andMe or a similar company, here are a few things you should be concerned about.
Hackers don’t know you:
First, if a hacker has all your data and your DNA there is not a whole lot that some Russian hacker can do with it other than selling it.
Your DNA doesn’t mean much to a hacker in a foreign country. It doesn’t help them steal credit cards or banking information.
The concerning thing is that the DNA profile could fall into the hands of someone who does know you or is trying to dig up negative information about you.
Employers:
Let’s say you are looking for a new job. What if your potential employer could search a database for your DNA?
There might be genetic data that suggests a person might be at risk for Alzheimer’s disease.
Could a potential employer use this information to say you are unfit for the position?
Or what if the DNA said you have a predisposition to psychiatric illness?
If the genetic testing fell into the wrong hands, it could possibly be used against you.
Law enforcement:
In the past few years, there have been high-profile crimes solved by police using genetic testing websites.
Police are uploading DNA evidence to these websites and matching the DNA with a relative of the criminal.
However, to do this, police need a court order for companies like 23andMe to provide the customer data.
But if your DNA appeared on a publicly accessible website, they could run every piece of DNA evidence through a website and see if they get a hit.
It would be an alternate system for police to use to track down criminals (or innocent victims).
And it’s an open door for law enforcement to get personal and private information without a warrant. It’s a very dangerous prospect.
Who is 23andMe sharing with?:
23andMe shares customers’ genetic sequencing with other companies. For example, they have data-sharing deals with drug companies and researchers.
The company says they have consent from customers to do this.
But who knows who could end up with your genetic profile and what they could be doing with it.
Do the companies 23andMe share your data with have tight security around your information?
It’s impossible to know.
Most people aren’t aware their genetic data is being shared.
This is why it’s so important to read the fine print with companies such as 23andMe.
These days, more companies are studying genetic markers and how our genes influence our lives.
This can be a good thing.
But at the end of the day, I’ll keep my genetic profile to myself. There is no good reason to share it with anyone except my family and doctors.
The risks are just too great.
And because it’s part of my overall security and safety plan, I definitely am careful with exactly what I share online.