SecureMac, Inc.

Checklist 417: 23andMe Goes Bankrupt and a Crash Course in Signal

March 28, 2025

23andMe’s data risks grow post-bankruptcy; meanwhile, officials’ misuse of Signal raises questions—tech isn’t the issue, user behavior is.

Checklist 417: 23andMe Goes Bankrupt and a Crash Course in Signal

23andMe Files for Bankruptcy Amid Ongoing Data Privacy Crisis

In a dramatic new chapter for one of the most prominent names in personal genomics, 23andMe has filed for Chapter 11 bankruptcy protection, raising serious concerns over the fate of the genetic data of millions of users. While Chapter 11 allows a company to reorganize and potentially recover, the implications for consumer privacy and data security are profound and ongoing.

This marks a continuation of the company’s troubles that began with a massive data breach in late 2023, where between six and seven million users’ genetic information was compromised. Critics and affected users pushed back against the company’s attempt to blame them for not enabling two-factor authentication (2FA), despite evidence that some users had done so and were still impacted.

California AG Urges Users to Delete Their Data

California Attorney General Rob Bonta issued a consumer alert warning users to consider deleting their genetic data and having their stored DNA samples destroyed. Citing the company’s financial instability and the sensitivity of the data it holds, Bonta emphasized Californians’ rights under state privacy laws.

The move comes as speculation mounts that 23andMe’s assets—including its vast DNA data banks—could be sold off during court-supervised restructuring, as noted in a report by TechCrunch.

The Fine Print: Data May Be Sold

Despite public reassurances from a 23andMe spokesperson about strict security protocols, internal privacy policies tell a different story. A Next Web report highlights a concerning clause in the company’s own privacy statement: in the event of “bankruptcy, merger, acquisition, reorganization, or sale of assets,” customer data may be “accessed, sold or transferred.”

Adding to the unease, TechCrunch clarified that 23andMe is not bound by HIPAA, the U.S. law protecting health information. Instead, the company operates under a patchwork of state laws, leaving significant gaps in federal oversight.

What Can You Do? Steps to Delete Your 23andMe Data

According to the San Francisco Chronicle, concerned users can take the following steps:

To permanently delete your data:

  1. Log into your 23andMe account.
  2. Navigate to Settings > scroll to “23andMe Data”.
  3. Select “Delete Data” and confirm via the email link.

To download a copy of your data first:

  1. In Settings, go to “23andMe Data”.
  2. Click “View” and download.
  3. Then proceed with the delete process above.

To destroy your DNA sample:

  • Change your preferences under Settings > Preferences to opt out of DNA sample storage.

To withdraw research consent:

  • Visit Settings > Research and Product Consents to revoke any prior permissions.

These steps are essential to safeguarding your genetic privacy, especially as the company’s future and ownership of its data assets remain uncertain.

The Bigger Picture: Not the Last Chapter

Despite filing for bankruptcy, 23andMe is far from done influencing the broader conversation around genetic privacy, consumer rights, and data ethics. With its treasure trove of DNA records potentially up for grabs, the fallout from this saga is likely to extend well beyond the courtroom.

Signal App Misused by U.S. Officials in Sensitive Group Chat Mishap

The end-to-end encrypted messaging app Signal is once again in the spotlight—not because of any flaw in the technology, but due to its misuse by members of the U.S. government, including high-ranking cabinet officials and the Vice President. The incident became public when a reporter from The Atlantic was accidentally added to a group chat, exposing a conversation that reportedly involved plans for imminent military strikes in Yemen.

According to the administration, the information exchanged was not classified, but by any standard, it was highly sensitive. The accidental leak triggered concern not just over national security protocols, but also sparked confusion about Signal’s safety and appropriateness for use in such high-stakes environments.

Signal’s Tech: Secure, Powerful, and Misunderstood

Contrary to some headlines, Signal remains one of the most secure communication platforms available. As outlined in a ZDNet report, here’s what sets it apart:

  • End-to-End Encryption by Default
    No third party—not even Signal itself—can read your messages or hear your calls.
  • No Ads, No Trackers
    Signal is operated by a non-profit foundation, ensuring user privacy over profit.
  • Cross-Platform Compatibility
    Available on iOS, Android, Windows, macOS, Linux, and iPadOS.
  • Disappearing Messages
    Users can set messages to auto-delete between 30 seconds and 4 weeks after being seen.
  • Support for Group Chats and Rich Media
    Ideal for large chats with high-quality image sharing, file attachments, and media support—features that offer clear advantages over traditional SMS or mixed-platform iMessage threads.
  • User-Controlled Read Receipts and Typing Indicators

For the average user, Signal offers a powerful and private communication tool. It’s also why the podcast host moved a mixed iOS/Android friend group chat to Signal, citing better image quality and privacy.

The Problem: Not the App, But the Context

Despite Signal’s capabilities, its use among top government officials is being sharply questioned. As noted in a BBC article, Pentagon regulations explicitly forbid the use of messaging apps like Signal to “access, transmit, [or] process non-public DoD information.”

Even worse, it remains unclear whether the officials were using government-issued, hardened devices or personal smartphones, increasing the security risks. Personal devices may lack protections against spyware, phishing, or other forms of cyber intrusion—especially if user behavior is lax (e.g., accidentally inviting a journalist into a secure chat).

And then there’s the issue of vanishing messages. The BBC cited a former National Archives litigation director who emphasized that federal law requires preservation of all official electronic communication, even those on private apps. Disappearing messages, as reportedly used in this group chat, may violate federal records laws if not properly archived.

Bottom Line: Signal Is Not a Threat—But Misuse Can Be

Signal is a secure, private, and user-friendly messaging app—but not everyone should use it for everything. In the hands of average users, it’s a fantastic tool. In the hands of top officials discussing military operations, it can be a serious liability—not because of what Signal is, but because of how it’s used.

The scandal serves as a reminder: even the most secure tools are only as good as the people who use them responsibly.

Filed under Security News, The Checklist Podcast by SecureMac

Latest Security News

Get the latest security news and deals