US Federal Trade Commission (FTC) chairman Andrew Ferguson on Monday assured the public that their genetic data is safe after issuing a letter to the US trustee handling the 23andMe bankruptcy case, who is expected to sell the company to a third party.
The March 31st letter to acting US trustee Jerry Jensen, his assistant, and two trial attorneys, specifically addressed the handling of 23andMe users’ personal information and biological samples in the event of a potential bankruptcy sale.
“Today, I sent a letter to the company’s Acting U.S. Trustee overseeing the bankruptcy about the potential sale or transfer of millions of American consumers’ sensitive personal information,” Ferguson said in a post on X.
23andMe’s bankruptcy is of great concern to the @FTC. Today, I sent a letter to the company’s Acting U.S. Trustee overseeing the bankruptcy about the potential sale or transfer of millions of American consumers’ sensitive personal information.
undefined Andrew Ferguson (@AFergusonFTC) March 31, 2025
Founded in 2006, the genetic testing and biotechnology company filed for Chapter 11 bankruptcy on March 23rd, just two months after revealing to the US Securities and Exchange Commission (SEC) that threat actors had gained unauthorized access to its servers – and its customers’ private genetic data – in a 2023 breach.
Since the Chapter 11 filing – in which federal officials will foster the sale of the company (and its stored health data) to a not-yet-named buyer – customers have been up in arms regarding the ultimate fate of their genetic information.
Furthermore, it was reported by the BBC on Friday that customers preemptively trying to get their highly sensitive data deleted from 23andMe servers were having a hard time getting through due to increased traffic on the website, leading to even more panic.
In the three-page letter, Ferguson said that all user data should be subject to the company's previous representations regarding "both privacy and data security.”
Ferguson also wrote that “any purchaser should expressly agree to be bound by and adhere to the terms of 23andMe’s privacy policies and applicable law.”
Ferguson also noted on Monday that he personally spoke with 23andMe about their obligations to their users, which he laid out in the letter to the US Trustee’s Office. The consumer watchdog head called upon the Silicon Valley-headquartered company to stand by its previous declarations.
“23andMe promised its customers that it would never disclose any of their genetic information from their medical records to third parties. Those protections, per the company’s privacy policy, remain in place even in the event of a bankruptcy,” he reiterated on X.
“The good news is that 23andMe’s public statements indicate that they will keep these protections. But, going forward, any purchaser of 23andMe should expressly agree to keep those protections in place. Protecting user data should be a priority,” Ferguson said.
The good news is that 23andMe’s public statements indicate that they will keep these protections. But, going forward, any purchaser of 23andMe should expressly agree to keep those protections in place. Protecting user data should be a priority.
undefined Andrew Ferguson (@AFergusonFTC) March 31, 2025
In the January 2025 SEC breach notification, 23andMe admitted that users’ uninterrupted raw genotype data, as well as health, wellness, and carrier status reports, had been exposed during the five-month-long breach.
Additionally, in October 2024, the alleged genetic data of a purported seven million 23andMe users, who voluntarily provided the company with saliva samples to have their DNA analyzed, was put up for sale on the popular hacker marketplace, BreachForums.
Your email address will not be published. Required fields are markedmarked