Deleting your personal data from 23andMe is proving to be hard.<\/p>\n
There are good reasons for people wanting to delete their data from 23andMe: The DNA testing platform has a lot of problems, so let\u2019s start with a recap.<\/p>\n
A little over a year ago, cybercriminals put up information belonging to as many as seven million 23andMe customers<\/a> for sale on criminal forums following a credential stuffing attack against the genomics company.<\/p>\n In December 2023, we learned<\/a> that the attacker was able to directly access the accounts of roughly 0.1% of 23andMe\u2019s users, which is about 14,000 of its 14 million customers. So far not too many people affected, but with the breached accounts at their disposal, the attacker used 23andMe\u2019s opt-in DNA Relatives (DNAR) feature\u2014which matches users with their genetic relatives\u2014to access information about millions of other users.<\/p>\n For a subset of these accounts, the stolen data contained health-related information based upon the user\u2019s genetics.<\/p>\n In January 2024, 23andMe had the audacity to lay the blame at the feet of victims<\/a> themselves in a letter to legal representatives of victims. 23andMe reasoned that the customers whose data was directly accessed re-used their passwords, gave permission to share data with other users on 23andMe\u2019s platform, and that the medical information was non-substantive.<\/p>\n And in September 2024, we found out that the company would pay $30 million to settle a class action lawsuit, as that was all that 23andMe could afford to pay. And that\u2019s only because the expectation was that cyberinsurance would cover $25 million.<\/p>\n As a result, the value of 23andMe plummeted. And last month the company said goodbye to all its board members<\/a> except for CEO Anne Wojcicki who stood by her plans to take the company private.<\/p>\n This uncertainty about the future of the company and, with that, who will be the future holder of all the customer personal information, has caused a surge of users looking to close their accounts and delete their data.<\/p>\n However, it turns out it’s not as easy as just asking for the data to be removed. You can delete your data from 23andMe , but 23andMe says it will retain some of that data (including genetic information) to comply with the company\u2019s legal obligations, according to its privacy policy<\/a>.<\/p>\n \u201c23andMe and\/or our contracted genotyping laboratory will retain your Genetic Information, date of birth, and sex as required for compliance with applicable legal obligations, including the federal Clinical Laboratory Improvement Amendments of 1988 (CLIA), California Business and Professions Code Section 1265 and College of American Pathologists (CAP) accreditation requirements, even if you chose to delete your account. 23andMe will also retain limited information related to your account and data deletion request, including but not limited to, your email address, account deletion request identifier, communications related to inquiries or complaints and legal agreements for a limited period of time as required by law, contractual obligations, and\/or as necessary for the establishment, exercise or defense of legal claims and for audit and compliance purposes.\u201d<\/p>\n<\/blockquote>\n In addition, any information you previously provided and consented to be used in 23andMe research projects cannot be removed from ongoing or completed studies, although the company says it will not use it in any future ones.<\/p>\n This is unfortunate, and is yet another reminder about how once you give information away you cannot always get it back. Let’s hope the policy gets changed and customers are allowed to fully delete their data soon.<\/p>\n It’s still worth deleting as much as possible, though. So here’s how to do that.<\/p>\n When you set up your 23andMe account, you had the options to either have the saliva sample that you sent to them securely destroyed or to have it stored for future testing. If you chose to store your sample but now want to delete your 23andMe account, the company says it will destroy the sample for you as part of the account deletion process.<\/p>\n If you want to find out if your personal data was exposed through the 23andMe breach, you can use our\u00a0free Digital Footprint scan<\/a>. Fill in the email address you\u2019re curious about (it\u2019s best to submit the one you used to register and 23andMe) and we\u2019ll send you a free report.<\/p>\n\n
How to delete (most of) your data from 23andMe<\/h2>\n
\n
Check your digital footprint<\/h2>\n