Signage at 23andMe headquarters in Sunnyvale, California, U.S., on Wednesday, Jan. 27, 2021.
David Paul Morris | Bloomberg | Getty Images
The House Committee on Energy and Commerce is investigating 23andMe’s decision to file for Chapter 11 bankruptcy protection and has expressed concern that its sensitive genetic data is “prone to being compromised,” CNBC has learned.
Rep. Brett Guthrie, R-Ky., Rep. Gus Bilirakis, R-Fla., and Rep. Gary Palmer, R.-Ala., sent a letter to 23andMe’s interim CEO Joe Selsavage on Thursday requesting answers to a series of questions on its data and privacy practices by May 1.
The congressmen are the most recent government officials to boost concerns about 23andMe’s commitment to data security, because the House Committee on Oversight and Government Reform and the Federal Trade Commission have sent the corporate similar letters in recent weeks.
23andMe exploded into the mainstream with its at-home DNA testing kits that gave customers insight into their family histories and genetic profiles. The corporate was once valued at a peak of $6 billion, but has since struggled to generate recurring revenue and establish a lucrative research and therapeutics businesses.
After filing for bankruptcy in in Missouri federal court in March, 23andMe’s assets, including its vast genetic database, are up on the market.
“With the shortage of a federal comprehensive data privacy and security law, we write to precise our great concern concerning the safety of Americans’ most sensitive personal information,” Guthrie, Bilirakis and Palmer wrote within the letter.
23andMe didn’t immediately reply to CNBC’s request for comment.
23andMe has been inundated with privacy concerns in recent times after hackers accessed the data of nearly 7 million customers in 2023.Â
DNA data is especially sensitive because every person’s sequence is exclusive, meaning it might never be fully anonymized, based on the National Human Genome Research Institute. If genetic data falls into the hands of bad actors, it could possibly be used to facilitate identity theft, insurance fraud and other crimes.
The House Committee on Energy and Commerce has jurisdiction over issues involving data privacy. Guthrie serves because the chairman of the committee, Palmer serves because the chairman of the Subcommittee on Oversight and Investigations and Bilirakis serves because the chairman of the Subcommittee on Commerce, Manufacturing and Trade.
The congressmen said that while Americans’ health information is protected under laws just like the Health Insurance Portability and Accountability Act, or HIPAA, direct-to-consumer firms like 23andMe are typically not covered under that law. They said they feel “great concern” concerning the safety of the corporate’s customer data, especially given the uncertainty across the sale process.
23andMe has repeatedly said it’ll not change the way it manages or protects consumer data throughout the transaction. Similarly, in a March release, the corporate said all potential buyers must conform to comply with its privacy policy and applicable law.Â
“To constitute a professional bid, potential buyers must, amongst other requirements, conform to comply with 23andMe’s consumer privacy policy and all applicable laws with respect to the treatment of customer data,” 23andMe said in the discharge.
23andMe customers can still delete their account and accompanying data through the corporate’s website. But Guthrie, Bilirakis and Palmer said there are reports that some users have had trouble doing so.
“No matter whether the corporate changes ownership, we wish to be sure that customer access and deletion requests are being honored by 23andMe,” the congressmen wrote.
WATCH: The rise and fall of 23andMe
