Millions Unknowingly Gave Away Their DNA | 23andMe Exposed | Cyber Crime Junkies | Award-Winning Podcast

Your DNA Is Being Sold at Bankruptcy Court Right Now

23andMe proved privacy policies die the moment Chapter 11 gets filed. Here’s what happened to millions of genetic profiles.

Chaos Brief/Cybercrime Junkies

Have you ever paid a company to rob you?

Because that’s exactly what millions of people did when they bought a 23andMe kit. They mailed in their spit, got some ancestry trivia back (congrats, you’re 4% Scandinavian), and handed over the one data set that can never, ever change: their genetic code.

And here’s the thing nobody told you. Those DNA kits? Sold at a loss. The product was never the cute little tube. The product was your genome. Permanent, irreversible, and when the company collapsed, your DNA became inventory on a bankruptcy balance sheet.

Right now, your genetic data is sitting in court proceedings, being argued over by lawyers you’ll never meet. If you hold customer data you wouldn’t want sold at auction, you need to understand what happens when corporate promises wind up in bankruptcy court.

Have you ever paid a company to rob you?

When the Board Runs, Pay Attention

September 2024. The entire board of directors at 23andMe quits. Not one person. Not two. All of them. Simultaneously.

That’s not drama. That’s a power struggle. That’s people who’ve seen the balance sheet and decided they don’t want their names on what comes next.

Because here’s what they knew. A year earlier, in 2023, 23andMe got breached. Millions of profiles were compromised. And unlike a credit card number, you can’t just cancel DNA and get a new one. The damage was permanent. Every single person who mailed in that little tube created a permanent record of themselves that outlives any terms of service they clicked on.

DNA doesn’t get a password reset.

Fast forward six months. The company files for Chapter 11, exactly like those board members predicted. Executives have a sixth sense for when the Titanic’s about to dip. They don’t wait for the iceberg. They see it coming and they run.

The Product Was Always You

Most people thought 23andMe sold DNA kits. Fifty to two hundred bucks, spit in a tube, find out your ancestry. Great.

We were wrong.

Those kits were sold at a loss. The real business model was monetizing the genetic database through partnerships with big pharma and research deals. That works great until nobody trusts you anymore. No trust means no partnerships. No partnerships means no revenue. But the costs of running the operation? Those stayed exactly the same.

The board did the math. Then they ran.

What Happens When a Database Goes Bankrupt

March 2025. Chapter 11 gets filed. The former CEO resigns. The company quietly changes its name to Chrome Holding Company during bankruptcy proceedings.

Your DNA is now a line item under “assets available for sale.”

State attorneys general in California, New York, Texas, and others are losing their minds. They’re screaming about genetic privacy laws, about consent, about how you can’t just auction off millions of people’s biological code.

The bankruptcy judge says the sale can proceed anyway.

Then, in the most Silicon Valley move in history, the former founder creates a nonprofit called the TTAM Research Institute. That nonprofit wins the auction. She essentially buys back her own company assets at a huge discount through bankruptcy court.

Your genetic data just got transferred to an entity you never agreed to do business with. Over the objections of state regulators. All of it still being argued by $800 an hour lawyers in conference rooms none of us will ever be in.

Privacy Policies Have an Expiration Date

Here’s what survives bankruptcy court: creditors.

Here’s what doesn’t: the terms of service you thought protected you.

Have you ever noticed how “we’ll never sell your data” only matters when the company is still alive? Privacy policies don’t survive Chapter 11. A judge decides who gets the database. Your consent is cute. The court says otherwise.

The buyer now pinky promises to honor the old privacy policies. That’s the promise on paper. But a promise hits different when the company that made it doesn’t even exist anymore.

The Real Fraud

23andMe will go down as one of the biggest frauds since Fyre Festival and Elizabeth Holmes’ Theranos. Why did they go under in the first place?

Turns out you can only sell someone their own spit once. There’s no subscription model for your genome. You can’t upsell mitochondrial DLC.

The breach in 2023 was just gasoline. The real fire was the business model from the beginning. They actively marketed a service to people who simply wanted to know their heritage, then turned that data into inventory the moment things went south.

What You Can Do Right Now

Want to delete your DNA from a bankrupt company’s database before some judge decides it’s worth something to somebody you’ve never heard of? Here’s how:

1. Log in to 23andMe

2. Go to account settings, find the “23andMe data” section

3. Download your data first if you want it

4. Scroll to “permanent deletion” and confirm through the email they send

Four steps to undo the thing none of us should have ever done in the first place.

The fine print, because there’s always fine print: Deleting your account stops future use. It doesn’t rewind the clock on research already done through de-identified data. Some data stays where the law says it has to stay. You’re not erasing history. But you are stopping future bleeding.

If you opted into sharing for research at any point, go revoke that too. Separately. Right now. Because clicking “I agree” on a privacy policy years ago is still technically consent until you say otherwise.

Uncomfortable Reality

Your DNA sample might be sitting in a tube somewhere. You can request they destroy it. They say you’ve always had that right. Once it’s gone, it’s gone. No takebacks. Which is exactly the kind of permanence they never warned you about when they were selling ancestry trivia for 99 bucks.

We’re still in active Chapter 11 proceedings as of March 2026. Millions of people’s DNA. Permanent, unchangeable, sitting in a database controlled by a company that went bankrupt.

The product was never the test. It was you.

When corporate directors flee like that, they’re not being dramatic. They’re reading financial statements we didn’t get to see. They knew the company was circling the drain and wanted their names off the paperwork before the crash.

Go delete your data today. Because the next time someone asks what’s the worst thing that could happen to your data, we now have a clear answer: it becomes inventory, gets auctioned to the highest bidder, and gets transferred to an entity you never agreed to do business with.

And that breach back in 2023? That was just the preview. The real disaster was trusting a company with something that can never be changed.

Want more stories about how your data gets weaponized when companies fail? Subscribe to Cybercrime Junkies and never miss an episode.

Go delete your data today. Because when corporate directors flee like rats off a sinking ship, they’re not being dramatic. They’re reading financial statements we didn’t get to see. They knew the company was circling the drain, and they wanted their names off the paperwork before the crash.