UK Biobank Data Breach: Health Records of 500,000 Britons Listed for Sale on Alibaba
Medical data belonging to 500,000 UK Biobank volunteers was found listed for sale on Alibaba's e-commerce platforms in China, the government confirmed this week, in what has been described as a profound betrayal of public trust in medical research.
What Happened
The UK Biobank charity informed the British government on 20 April that health data from half a million of its participants had been advertised for sale on Alibaba platforms in China. Technology minister Ian Murray confirmed the breach to the House of Commons on 23 April, calling it an "unacceptable abuse" of data.
The data, described as "de-identified," did not include names, addresses, or contact details, but contained sensitive health information including gender, age, socioeconomic status, lifestyle habits, and biological sample data related to haematology, biology, and chemistry, as well as information on sleep, diet, mental health, and health outcomes.
Source of the Breach
The incident was not a traditional cyber-attack but a breach of contract by legitimate researchers. Three Chinese research institutions that had been granted access to the data for research purposes were identified as the source. UK Biobank's chief scientist, Professor Naomi Allen, attributed the incident to "rogue researchers" who downloaded datasets to local storage in violation of their contractual agreements.
The UK government, in cooperation with Chinese authorities and Alibaba, ensured the listings were swiftly removed before any sales were made.
Response and Safeguards
UK Biobank has revoked access for the three implicated institutions, temporarily suspended all access to its research platform to implement security upgrades, and referred itself to the Information Commissioner's Office (ICO). The charity has also imposed strict limits on file sizes that can be removed from the platform and will monitor exports daily for suspicious behaviour.
Liberal Democrats technology spokeswoman Victoria Collins called it a "profound betrayal" of the volunteers who donated their data to advance medical science.
Why It Matters
UK Biobank, established in 2006, is one of the world's most important medical research resources, providing scientists globally with access to genetic, biological, and health data from half a million Britons aged 40 to 69. The data is crucial for understanding, preventing, and treating serious conditions including cancer, diabetes, and dementia.
