The DNA testing company 23andMe has agreed to be acquired by Regeneron Pharmaceuticals for $256 million (£192 million). This deal follows 23andMe’s recent filing for bankruptcy protection in the United States. Regeneron has committed to maintaining the privacy policies of 23andMe and ensuring strong security measures to protect user data. Additionally, 23andMe recently agreed to appoint an ombudsman to oversee user data protection, a move prompted by concerns from several US state attorneys general about potential misuse of genetic data by future owners.
Regeneron Acquires 23andMe Assets Amid Financial Struggles and Business Model Challenges
Regeneron will acquire nearly all of 23andMe’s assets, with the subsidiary Lemonaid Health set to be wound down as part of the agreement. Post-acquisition, 23andMe will operate as a wholly-owned unit under Regeneron, which plans to leverage the company’s genetic data for drug development purposes. Mark Jensen, chairman of 23andMe’s board, expressed optimism that the transaction would allow the company’s mission to continue while safeguarding customer privacy, consent, and data security throughout the transition.
Regeneron Buys 23andMe for $256 Million After Bankruptcy and Data Breach Fallout23andMe was co-founded in 2006 by Anne Wojcicki, who served as CEO until March 2023. The company gained early popularity with endorsements from celebrities but struggled financially despite going public in 2021 at a valuation above $6 billion. Weak demand for its DNA testing kits, an unsuccessful subscription service, and stalled drug development initiatives led to sustained losses. Compounding these issues, a significant data breach in 2023 exposed sensitive information of millions of users, resulting in a lawsuit settlement and major layoffs that cut about 40% of its workforce.
Data Breach Exposed Millions, Prompting Legal Action and Increased Privacy Oversight
The 2023 data breach involved hackers accessing user family trees, birth years, and locations through compromised old passwords, though 23andMe stated DNA data was not stolen. The breach raised alarm over the company’s ability to protect sensitive genetic information, culminating in a lawsuit involving nearly seven million customers. The fallout severely damaged trust and highlighted the risks tied to handling personal genetic data, a factor that influenced regulatory scrutiny and contributed to the company’s decline.
Following its bankruptcy filing in March, 23andMe faced pressure from state attorneys general to ensure customer data privacy, including recommendations for users to delete their information from the database. The company affirmed that buyers would be legally obligated to uphold data protections.
However, its privacy policy allowed for personal data to be accessed or transferred during bankruptcy or acquisition proceedings. To address these concerns, 23andMe agreed to a court-appointed overseer tasked with monitoring genetic data security, reinforcing efforts to protect consumers in the midst of ownership changes.
