Congressional hearing spotlights national security and privacy risks in 23andMe bankruptcy sale
Get AI-powered insights, summaries, and transcripts
Subscribe
Summary
Lawmakers grilled 23andMe executives and a law professor about how the genetic testing company's Chapter 11 sale could expose the genetic data of millions to misuse, foreign adversaries or commercial exploitation; witnesses described company protections and ongoing court-supervised sale terms.
WASHINGTON — Lawmakers told executives from 23andMe on Wednesday that the company’s Chapter 11 bankruptcy and pending asset sale raise national security and consumer-privacy concerns for millions of Americans who provided genetic samples.
The House Committee on Oversight and Government Reform held a full committee hearing titled “Securing Americans’ Genetic Information, Privacy, and National Security Concerns Surrounding 23andMe’s Bankruptcy Sale.” Chairman James Comer opened the hearing by saying he was convening lawmakers to examine “privacy and national security concerns surrounding 23andMe bankruptcy sale,” and to press witnesses on who might gain access to customers’ sensitive genetic information.
The hearing focused on three interlocking issues: the scale of personal genetic data held by 23andMe, the company’s historical data-sharing and security practices, and the risk that the database could be transferred to a buyer whose actions would put Americans’ data at risk. Anne Wojcicki, cofounder and former CEO of 23andMe, Joseph Selzavage, interim CEO, and Margaret Hu, a law professor and director of the Digital Democracy Lab at William & Mary, testified and answered committee questions.
Wojcicki sought to frame the company’s work as consumer-facing and research-driven, saying she cofounded 23andMe with “the mission of helping people access, understand, and benefit from the human genome.” She told the committee that “privacy was central to every decision we made” during her tenure and that the company required explicit customer consent before anonymized data was used for research, noting more than 80% of customers had opted into research programs.
Selzavage described technical and organizational security measures and told the committee the company had required bidders in the court-supervised sale to “comply with all of our privacy policies.” He said two U.S.-based bidders remained in the auction at the time of the hearing — Regeneron Pharmaceuticals and TTAM Research Institute (a bidder formed by Anne Wojcicki) — and that the special committee overseeing the sale represented the company’s intent not to transfer data to a foreign adversary.
Experts and members raised specific concerns about foreign adversaries and prior incidents. Hu said genetic data “is relational” and carries national security implications in the age of artificial intelligence, describing how aggregated genetic and biometric datasets could be exploited for surveillance, blackmail, or other harmful uses. Members cited a 2019 Department of Defense advisory that warned service members against using consumer DNA kits and pressed witnesses on whether the company had engaged with investors or partners tied to foreign entities.
Wojcicki acknowledged a 2015 investment round that included Wuxi Healthcare Ventures and said the company later terminated that partnership; members noted reporting and public records that Wuxi participated in a $115 million round and that Wuxi’s portion was about $10 million. Committee members also recalled a 2023 incident described by company witnesses as credential stuffing that exposed portions of about 7 million customer accounts; Wojcicki and Selzavage said the company forced password resets and implemented mandatory multifactor authentication in response.
Members pressed for practical protections available now: Selzavage said customers may delete their accounts and data and that since the bankruptcy announcement roughly 1,900,000 customers had requested deletion. He described the deletion process as available through account settings and said the company had been carrying out deletion requests. Wojcicki said that deletions are irreversible during her tenure and that biobanked physical saliva samples were destroyed if customers requested removal.
Lawmakers across the aisle repeatedly called for stronger federal privacy laws to address gaps that allow sensitive biological data to be sold, transferred, or used without robust, uniform protections. Witnesses and members referenced HIPAA, the Genetic Information Nondiscrimination Act (GINA) and the Department of Defense advisory as incomplete coverage for the commercial genetic-data ecosystem.
The committee did not take votes; the bankruptcy sale remains subject to approval by the bankruptcy court. Committee members requested additional documentation and follow-up from company leadership about who has had access to identifiable genetic data and how bidders’ commitments will be enforced.
The hearing concluded with members on both sides urging Congress to consider new statutory protections to govern commercial handling of genetic data and to limit the ways that sale or transfer of such data can occur under bankruptcy or acquisition processes.