Genetic Testing Giant Faces Legal Heat Over Data Exposure

A major player in home DNA testing found itself in legal trouble last month when California took action against it for a large-scale data breach from 2023. Officials say the company failed to act quickly enough on early warnings about unauthorized access to its systems. Around 6. 9 million people across the U. S. had their genetic data, health details, family connections, and ancestry information exposed during a hack that lasted from April through August of 2023. Nearly 856, 000 California residents were among those affected, raising serious questions about how sensitive personal information is protected in the age of at-home genetic testing. Instead of moving fast to contain the breach, the company reportedly downplayed its severity and ignored repeated signals that something was wrong. The state argues this was a clear violation of privacy laws designed to safeguard genetic information. Now, California is pushing for hefty financial penalties that could run into millions of dollars. But collecting those fines may be complicated. The company filed for bankruptcy protection earlier this year, a move that pauses many legal actions until the court process finishes. Meanwhile, a separate $30 to $50 million fund has already been set aside to address customer claims—though critics say that amount might not fully cover the harm caused.What makes this case even more troubling is how the company handled the aftermath. Reports suggest it didn’t inform customers with specific ancestry backgrounds—like those of Chinese or Ashkenazi Jewish heritage—that they might have been targeted by hackers. Even worse, their personal data was reportedly put up for sale on underground online markets. This raises concerns about whether the company prioritizes customer trust over profit, especially when dealing with highly sensitive health and genetic records. The company isn’t new to controversy. It launched in 2006 and went public in 2021, riding the wave of public interest in personalized ancestry and health insights. But in early 2025, it filed for Chapter 11 bankruptcy, blaming the data breach, ongoing lawsuits, and stiff competition for declining sales. The situation took another turn last summer when a research institute tied to one of its founders bought the company’s assets for $305 million—despite objections from the state. Officials argued that transferring genetic data without explicit consent violated California law, and that legal challenge is still unresolved. This isn’t just about one company making mistakes. It highlights how quickly personal data—especially genetic data—can become a target. Unlike credit card numbers that can be canceled, your DNA is permanent. Once it’s out there, it can’t be taken back. The lawsuit forces us to ask tough questions: Who should be held responsible when private genetic data gets exposed? What safeguards should exist for companies handling such intimate information? And why does it often take a lawsuit for real changes to happen?