A drug developer is buying 23andMe – what does that mean for your DNA data?

Following a data breach and bankruptcy, genetic testing service 23andMe will soon be in different hands. On Monday, biotechnology company Regeneron announced that it won the top bid in a bankruptcy auction for 23andMe. In the $256 million acquisition expected to close in the third quarter of 2025, 23andMe will become a subsidiary of Regeneron but continue its current operations and business.

Also: How to delete your 23andMe data and why you should do it now

The deal comes at a rocky time for 23andMe. In late 2023, the company revealed that it had been hit by a data breach that compromised around 14,000 accounts. Using credential stuffing to gain access, the attackers were able to view DNA Relative profiles of 5.5 million people. The compromised data included display names, relationships to the compromised accounts, locations, ancestor birth locations, birth years, percentage DNA matches, and the Family Tree profiles of 1.4 million people.

In response, a slew of class action lawsuits sprang up, alleging that 23andMe didn’t effectively protect customer data and that it failed to notify users with Chinese or Ashkenazi Jewish ancestry that their information was targeted and shared across the dark web. With the suits proving successful, affected customers can now file a claim to collect their portion of the overall $30 million penalty.

Following the lawsuit and declining sales, 23andMe filed for bankruptcy this past March. The breach and the bankruptcy both raised fears over what happens to personal genetic data if the company goes belly up. At the time, California Attorney General Rob Bonta even advised customers to delete their data due to concerns over where it might end up.

Well, now that 23andMe will have a new parent, does that mean the data will be in safer hands? In its press release, Regeneron touted its expertise in biotechnology and DNA research and promised to take the necessary measures to protect customer data.

Also: You could get $10K from 23andMe’s data breach – how to file a claim today

“Regeneron intends to ensure compliance with 23andMe’s consumer privacy policies and applicable laws with respect to the treatment of customer data,” the company said. “As the successful bidder, Regeneron is prepared to detail the intended use of customer data and the privacy programs and security controls in place for review by a court-appointed, independent Customer Privacy Ombudsman and other interested parties.”

Genetic testing services like Ancestry.com and 23andMe have offered a quick and easy way to investigate your family origins. Just spit into a tube, send in the kit, and wait for the results. You’ll not only learn about your ancestry but find the closest matches on your family tree.

Sounds great. But there are those pesky issues of privacy and security. A company may promise to keep your data private and protected. But one internal mistake can lead to a devastating data breach that compromises your genetic information and sees it traded on the dark web.

Also: The best password managers: Expert tested

Does that mean you should never use a DNA testing service? That’s up to you to decide. But if you do set up an account with any such service, make sure you protect it with your own security measures. That means a strong, complex, and unique password backed up by multi-factor authentication.

Stay ahead of security news with Tech Today, delivered to your inbox every morning.