Data from half a million UK Biobank volunteers has been discovered advertised for sale on Alibaba's e-commerce platforms in China, marking one of the largest medical data breaches in British history.
Government Response
Technology Minister Ian Murray informed the House of Commons that the listings, which appeared to sell Biobank participation data, were identified on 20 April. The compromised information did not contain participants' names, addresses, contact details, or telephone numbers, and the listings were removed before any purchases were made.
Collaborative Action
The government, UK Biobank, and Chinese authorities worked together to remove the listings and revoke access for three research institutions identified as the source of the leak. UK Biobank has paused further data access, referred itself to the Information Commissioner’s Office, and is implementing additional security measures following the incident.
This breach raises serious concerns about the security of sensitive medical data held by research institutions, particularly when shared with international partners. The UK Biobank is a long-term health study that has collected genetic and lifestyle data from volunteers to aid medical research.
