The dangers of a data breach: Lessons from the 23andMe collapse
By Cian Fitzpatrick | 7th April 2025
Unfortunately, we hear the term “data breach” so often now that it can sound like white noise. The risk is that we become complacent about yet another company caught napping over its data compliance responsibilities.
However, beneath the buzzword lies a deep and often irreversible threat, one that can have horribly serious consequences. From personal privacy violations to long-term reputational damage, data breaches are far more than technical hiccups. In reality, they’re breaches of trust, of security and, most alarmingly, sometimes even of identity.
One of the most recent examples is the downfall of genetic testing giant 23andMe.
23andMe, once valued at $6 billion, allowed consumers to uncover ancestral and health-related genetic data through a simple saliva test. With over 15 million users, it held one of the largest private DNA databases in the world. But in 2023, the company suffered a massive data breach affecting 6.9 million accounts. As a result, a trove of sensitive genetic and personal information is now exposed.
Now, in March 2025, the company is filing for bankruptcy. Amidst the financial turmoil, the co-founder Anne Wojcicki has stepped down as CEO and the company is actively seeking a buyer.
Of course the bankruptcy news is a big deal. But the far bigger story is what will happen to all the customer DNA data that 23andMe holds. What happens to the genetic profiles if the company is bought? Who will have access to them? Under what terms? How protected, if at all, is this data?
These aren’t just theoretical questions. Instead, they’re a wake-up call for individuals and businesses alike.
A data breach is dangerous for more than one reason.
Remember that in most breaches, it’s personal information that is being lost, not just random numbers. It’s names, addresses, health histories, login credentials and more. This is already serious enough, but in 23andMe’s case it goes even deeper: people’s genetic blueprints are now exposed. Unlike a credit card, you can’t “cancel” your DNA. Once it’s exposed, it’s out there forever.
When consumers hand over data to a company, there’s an implicit trust contract. A breach doesn’t just compromise data. It smashes the trust contract into a thousand pieces.
23andMe had built a brand around empowerment and scientific curiosity. But after the breach, users began to question the very foundation of that promise. Reputational damage like this is often fatal.
Depending on jurisdiction and the nature of the data, companies that suffer breaches can face significant legal consequences. But the 23andMe case highlights a glaring problem: protections around data, especially genetic data, are patchy.
In the U.S., HIPAA, the main federal health privacy law, doesn’t apply to direct-to-consumer biotech firms. And while some U.S. states offer stronger consumer protections, there’s no consistent federal legislation. That leaves consumers exposed and companies vulnerable.
Breaches are expensive. According to IBM’s 2024 Cost of a Data Breach Report, the average cost of a breach was $4.88 million. For 23andMe, it marked the beginning of the end. Customer trust dropped and revenue collapsed. By 2025, the company’s valuation had cratered from billions to under $50 million.
When we talk about data breaches, it can sound like data was hacked in a dramatic Hollywood-thriller kind of way. The truth is far more mundane. In reality, most data is stolen through an organisation’s most common entry point: email.
Phishing, spoofing, compromised credentials and social engineering attacks all begin in your inbox. And for businesses, the consequences can be devastating, from ransomware attacks to business email compromise (BEC), where attackers pose as trusted colleagues or suppliers to redirect payments or extract sensitive data.
That’s where managed email security providers such as Topsec come in.
Topsec is a leading managed email and cybersecurity provider. It helps organisations across Ireland, the UK, and Canada protect their data, especially from email-based threats.
Here’s how Topsec helps mitigate the risk of a data breach:
Topsec uses advanced filtering to block spam, phishing attempts, and malware before they ever hit an employee’s inbox. By scanning emails in real time for suspicious links, payloads and behavioural patterns, Topsec reduces the risk of human error. Sadly, it’s humans who are the #1 cause of breaches.
One of the most overlooked risks in email security is domain spoofing. This is where hackers send emails that appear to come from your business. Topsec helps clients implement DMARC, SPF and DKIM protocols to authenticate emails and protect your domain reputation, ensuring that customers, partners and employees aren’t duped by imposters.
Bad actors don’t keep office hours. Security isn’t a set-it-and-forget-it function. With Topsec, businesses benefit from round-the-clock monitoring, alerts and expert support. If something does go wrong, no matter what the time, our clients are not facing it alone.
Topsec also provides secure email archiving and data retention policies that help businesses remain compliant with GDPR and other regulatory frameworks. This is essential if you’re handling customer data or operating in regulated sectors.
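The post doesn’t show what a weak versus a hardened SPF/DMARC setup looks like. The following Python is an added example (not Topsec’s code) that lints SPF and DMARC TXT records for the settings that leave a domain spoofable; it uses constructed sample records in place of a live DNS lookup, and the domain names in them are placeholders.

```python
import re

DNS_LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # each costs a DNS query

def parse_spf(txt: str) -> dict:
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    qual, mechs = None, []
    for term in terms[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.I)
        if m:
            qual = m.group(1) or "+"  # a bare 'all' means '+all': every sender passes
        else:
            mechs.append(term)
    return {"all": qual, "mechanisms": mechs}

def spf_findings(txt: str) -> list:
    """Weak-setting findings for an SPF record; an empty list means nothing flagged."""
    spf = parse_spf(txt)
    findings = []
    if spf["all"] in (None, "+", "?"):
        findings.append("SPF lets unlisted hosts pass: end the record with -all (or ~all)")
    lookups = sum(1 for m in spf["mechanisms"]
                  if re.split(r"[:/=]", m.lstrip("+-~?"), 1)[0].lower() in DNS_LOOKUP_MECHS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup mechanisms: receivers give up after 10 (permerror)")
    return findings

def parse_dmarc(txt: str) -> dict:
    # 'tag=value; tag=value' -> dict keyed by lower-cased tag name
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def dmarc_findings(txt: str) -> list:
    """Weak-setting findings for a DMARC record; an empty list means nothing flagged."""
    d = parse_dmarc(txt)
    if d.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    if d.get("p", "none").lower() == "none":
        findings.append("p=none: spoofed mail is only reported, never quarantined or rejected")
    if "rua" not in d:
        findings.append("no rua= address: you get no aggregate reports showing who spoofs you")
    return findings

WEAK_SPF = "v=spf1 include:_spf.mail-provider.example +all"    # constructed: +all passes anyone
STRONG_SPF = "v=spf1 include:_spf.mail-provider.example -all"  # constructed: hardened form
WEAK_DMARC = "v=DMARC1; p=none"                                 # constructed: monitor-only
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s"  # constructed
```

Calling `spf_findings(WEAK_SPF)` and `dmarc_findings(WEAK_DMARC)` returns the problems in the permissive records, while the hardened records return empty lists.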
Because the human factor is such a key vulnerability, Topsec supports clients with cybersecurity awareness training. We help teams spot red flags and avoid risky behaviours. A well-informed team is your first line of defence.
While 23andMe is an extreme example, it highlights risks relevant to all businesses.
Every company today is, in some form, a data company. Whether it’s managing customer payments, storing employee records or handling client communications, data is at the heart of it all.
Here’s what’s at stake:
If you’ve ever signed up for a DNA test, online account, or cloud service, your data is already out there in some form. But you can still take steps to protect yourself:
For 23andMe customers, experts advise deleting your data, revoking research permissions and requesting genetic sample destruction. Even then, some data may be retained for legal compliance.
If you run a business, the lessons from 23andMe are stark:
The 23andMe collapse is a dramatic cautionary tale. That said, most breaches don’t make international headlines. They happen quietly, through an errant click or a phished email.
The status quo of the past no longer applies. Security is not just an IT issue; it’s a business-critical priority that everyone in the organisation is responsible for. Whether you’re handling genetic data or garden-variety invoices, your defences need to be strong, proactive and ongoing.
Partnering with experts like Topsec can help keep your inbox, reputation and organisation secure. Contact us today to see how we can help.