23andMe was never fully banned, but the FDA forced the company to stop selling its health-related genetic tests in late 2013. The issue was straightforward: 23andMe was marketing a product that gave people medical information, like their risk for breast cancer or how they’d respond to certain drugs, without proving to regulators that the results were accurate enough to act on. The company eventually worked its way back into compliance and now offers FDA-authorized health reports, though its recent data breach and bankruptcy have raised a new set of concerns entirely.
The 2013 FDA Shutdown
In November 2013, the FDA sent 23andMe a warning letter ordering the company to stop marketing its Personal Genome Service for health purposes. The core problem was that 23andMe was selling what the FDA considered a medical device without going through the regulatory process required to prove it worked. The company had been in discussions with the FDA for years but had failed to submit the necessary clinical validation data.
The FDA’s concern wasn’t abstract. If a test falsely told someone they carried a BRCA gene variant linked to breast cancer, that person might pursue aggressive medical interventions, including preventive surgery, based on a wrong result. Conversely, a false negative could give someone dangerous reassurance, causing them to skip screenings they actually needed. The same logic applied to drug response reports: incorrect information about how someone metabolizes a medication could lead to the wrong dose. On December 5, 2013, 23andMe suspended its health-related genetic tests and continued selling only ancestry reports while it worked through the FDA’s review process.
How 23andMe Got Back on the Market
The return was gradual. The FDA first authorized 23andMe to offer carrier screening tests in 2015, which tell people whether they carry gene variants they could pass to their children. Then, in April 2017, the FDA classified the broader genetic health risk test as a Class II medical device and allowed the company to report on conditions like late-onset Alzheimer’s disease, Parkinson’s disease, celiac disease, and hereditary thrombophilia, among others.
Authorization came with strict conditions. 23andMe had to demonstrate that at least 90 percent of users correctly understood what the test could and couldn’t tell them. Every report had to include clear limiting statements: the test doesn’t assess your entire genetic profile, a negative result doesn’t mean you’re free of risk, and the results are not a diagnosis. For particularly serious conditions like Alzheimer’s and Parkinson’s, 23andMe was required to add an opt-in step before showing results, giving users a chance to decline the information after reading about what it means and professional guidelines around testing.
The FDA also drew hard lines around what 23andMe could not do. The company was prohibited from offering prenatal testing, reporting on deterministic autosomal dominant variants (gene changes that almost certainly cause a condition), or providing information about how prescription or over-the-counter drugs interact with a person’s genetics. Some of those restrictions have since been loosened. 23andMe now holds FDA authorization for BRCA1/BRCA2 breast cancer risk reports (for selected variants), colorectal cancer predisposition, prostate cancer predisposition, and several pharmacogenetic reports covering drug response.
Countries Where It’s Actually Banned
While the FDA temporarily blocked health reports in the U.S., some countries have gone further by banning direct-to-consumer genetic testing outright. France prohibits the sale of these kits as part of its national bioethics laws, and advocates have been pushing the French government to lift that restriction. The legal framework in France treats genetic testing as something that should only happen through the medical system, with a doctor ordering the test and a genetic counselor interpreting results. Several other European countries have similar restrictions or require a physician’s involvement before any genetic test can be performed.
The Data Breach and Bankruptcy
More recently, people searching “why was 23andMe banned” may be reacting to headlines about the company’s collapse rather than the 2013 FDA action. In 2023, hackers accessed the accounts of roughly 6.9 million 23andMe customers, about half the company’s user base, through a credential stuffing attack. That means attackers used passwords stolen from other websites to log into 23andMe accounts, rather than breaking into 23andMe’s own systems. The breach went undetected for about five months, starting in April 2023.
The stolen data included sensitive genetic and ancestry information. Lawsuits alleged that 23andMe failed to notify customers with Chinese and Ashkenazi Jewish ancestry that they had been specifically targeted and that their data was being sold on the dark web. The company proposed a $50 million settlement fund to resolve U.S. litigation over the breach.
By March 2025, 23andMe filed for Chapter 11 bankruptcy. The company was purchased in July 2025 for $305 million by a nonprofit organization led by former CEO Anne Wojcicki. This raised fresh questions about what would happen to millions of customers’ genetic data under new ownership, a concern that prompted several state attorneys general and privacy advocates to call for stronger protections. The service was not banned as a result of the breach, but the combination of regulatory history, a massive data exposure, and financial collapse has understandably shaken consumer trust.
What the FDA Authorization Actually Means
Today, 23andMe is legally permitted to sell health reports in the United States, but with significant guardrails. The FDA has authorized specific reports covering carrier screening for inherited conditions, genetic health risks for diseases like Alzheimer’s and Parkinson’s, selected cancer predisposition variants for breast, colorectal, and prostate cancer, and pharmacogenetic reports that describe how your genes may affect your response to certain medications.
Each of these authorizations is narrow. The BRCA report, for example, covers only three specific variants most common in people of Ashkenazi Jewish descent. It does not screen for the thousands of other BRCA mutations that can raise breast cancer risk. A “negative” result on 23andMe’s BRCA test says nothing about whether you carry one of those other variants. This is exactly the kind of nuance the FDA was worried about in 2013, and it’s why the company is now required to spell out these limitations clearly in every report. If you’re using 23andMe for health information, understanding what the test doesn’t cover is just as important as understanding what it does.