The drivers behind the once-highflying 23andMe’s path to bankruptcy are myriad, with the chief restructuring officer partly pinning its financial woes on rising inflation, falling demand coupled with increased competition in the genetic testing kit space, and the “one-time” nature of its sales, in a Monday court filing.  

At the same time, the fallout from a 2023 data breach which led to government investigations, lawsuits, and looming liabilities also played a pivotal role in the company’s decline, according to a Monday first declaration filing from CRO Matthew Kvarda, a managing director at Alvarez & Marsal North America who has served as interim CFO of distressed and non-distressed companies, including Revlon.   

Ultimately, despite drawing interest from buyers, the company decided to file for Chapter 11 bankruptcy protection Sunday given “its limited cash and operating cash burn, as well as the uncertainty surrounding the scope and extent of liabilities arising from the Cyber Security Incident, commencing these cases to stabilize the business and monetize its assets on a ‘free and clear’ basis through a chapter 11 plan or sale pursuant to section 363 of the Bankruptcy Code, provided the best path to maximize value for the benefit of the Company’s stakeholders,” according to the declaration. 

In a Monday press release, the company said it was seeking the bankruptcy court’s approval to sell “substantially all its assets” and use up to $35 million in debtor-in-possession financing from JMB Capital Partners along with cash generated from the business to keep operating. It also announced new leadership, picking CFO Joe Selsavage to take on the added role of interim CEO in the wake of co-founder Anne Wojcicki resigning as CEO while staying on the board, effectively immediately.  

Data management issues have continued to dog 23andMe after its bankrupcty filing: the website’s login portal went down Monday evening as many customers rushed to delete their genetic data, with concerns fueled by the memory of a “password hack” in 2023 that exposed 6.9 million people’s information, The Wall Street Journal reported. At the same time, the company asserted in its Monday release that it would not change the way the company “stores, manages or protects customer data.”

In Kvarda’s filing, the 2023 incident is described briefly. It notes that on Oct. 1, 2023 a “threat actor” posted a claim online that it had 23and ME users’ profile information. After learning of the incident, the company initially determined the actor was only able to access 0.1% of user accounts, “in instances where usernames and passwords that were used on the company website were the same as those used on other websites that had been previously comprised or were otherwise available.” The company ultimately determined that personal information related to about 7 million customers was accessed, according to the filing. 

The legal fallout from the incident has included multiple legal actions threatened or filed in U.S. federal and state courts, Canada and the United Kingdom as well as “various domestic and foreign governmental investigations,”  according to the filing. The company said Monday that it wants to use the bankruptcy proceedings to resolve all outstanding legal liabilities stemming from the October cyber incident.