People who used 23andMe, which filed for bankruptcy this week, are being warned to delete their data before it’s too late.
With genetic testing company 23andMe filing for bankruptcy this week, the DNA of millions of people could be in jeopardy.
The filing, which followed the company's settlement of a $30 million lawsuit, has experts warning users to delete their data before it's too late.
WATCH ANYTIME FOR FREE
 |
Stream NBC10 Boston news for free, 24/7, wherever you are. |
"I would say there's definitely a cause for concern," said Aaron Rose, security architect manager at Checkpoint Software Technologies.
The 19-year-old company is seeking a buyer after filing for chapter 11 bankruptcy protection. This means customer data could be transferred to any company that acquires 23andMe. That information is not covered by federal HIPPA laws that protect patient privacy.
Get updates on what's happening in Boston to your inbox. Sign up for our News Headlines newsletter.
Get updates on what's happening in Boston to your inbox. Sign up for our News Headlines newsletter.
"What happens there is essentially, they have debts to pay," explained Rose. "And that means that they need to sell off their assets. One of those assets could potentially be the genetic data they hold."
The California-based company affirms the filing doesn't change how it stores or guards user data. In a FAQ on its website, it said, "any buyer of 23andMe will be required to comply with applicable law with respect to the treatment of customer data."
"Genetic data, that's something you can't change. It's not like a standard breach that we see everyday. You can change your password, you can change your credit card numbers, you can dispute fraud charges – unfortunately, you cannot change your DNA," Rose said. "That information alone, if it ever did fall into the wrong hands, could be used to craft some very impressive phishing campaigns against consumers. So to sum it all up, there's definitely a cause to be concerned at this point."
It's not too late to delete your data from 23andMe. Users can delete their personal information by logging on to their account.
"Do you want to download that data, save a backup, maybe use it for something in the future? And then ultimately, do you want to deactivate and delete your account? By doing so, of course, they're required to remove all of that data from their systems to purge it," said Rose. "Review what data you've shared with them, aside from just your genetic data. But also understand what you have given permission or opted in to sharing with a third party."
If you previously consented to 23andMe and third-party researchers to use your genetic data and sample for research, you may withdraw consent from the account settings page, under "research and product consents."
"I hope that people start to take it very seriously when they're sharing data with a third-party service of some sort," said Rose. "Understand what that data is, how it's going to be used, why it's required in the first place, and whether or not it's gonna be shared with anyone else."
