UK Biobank de-identified health dataset exposed via illicit researcher access and listed on Chinese e-commerce platforms
Summary
Hide ▲
Show ▼
De-identified health data from 500,000 UK Biobank volunteers surfaced on Alibaba e-commerce platforms in China after researchers at three academic institutions misused their legitimate access to extract and attempt to sell the data. The UK government confirmed listings were identified and removed, with no evidence of purchase. UK Biobank emphasized the data lacked direct identifiers such as names, addresses, phone numbers, or NHS numbers, and stated it was de-identified. The breach was traced to a contractual violation by researchers who accessed the data outside the authorized UK-hosted research platform. UK Biobank suspended all platform access and suspended implicated researchers and institutions pending a forensic investigation.
Timeline
-
24.04.2026 16:25 1 articles · 1h ago
UK Biobank de-identified dataset exposed via researcher misuse; listings removed from Alibaba platforms
Researchers at three academic institutions misused their access to UK Biobank’s de-identified health dataset, extracted it from the authorized UK-hosted platform, and listed it for sale on Alibaba e-commerce platforms in China. UK Biobank suspended all platform access, suspended implicated researchers and institutions, and reported the incident to UK authorities. Chinese authorities and Alibaba removed the listings; no purchase was detected. A board-led forensic investigation has been initiated to determine the scope and enhance controls.
Show sources
- UK Biobank Data Breach: Health Data of 500,000 Listed for Sale in China — www.infosecurity-magazine.com — 24.04.2026 16:25
Information Snippets
-
Health data from 500,000 UK Biobank participants was listed for sale on Alibaba e-commerce platforms by multiple dealers, according to a statement to the UK House of Commons by the Minister for Digital Government and Data.
First reported: 24.04.2026 16:251 source, 1 articleShow sources
- UK Biobank Data Breach: Health Data of 500,000 Listed for Sale in China — www.infosecurity-magazine.com — 24.04.2026 16:25
-
The leaked dataset contained de-identified information including whole-body scans, DNA sequences, and sensitive medical records, but did not include personal identifiers such as names, addresses, contact details, telephone numbers, or NHS Numbers.
First reported: 24.04.2026 16:251 source, 1 articleShow sources
- UK Biobank Data Breach: Health Data of 500,000 Listed for Sale in China — www.infosecurity-magazine.com — 24.04.2026 16:25
-
The breach originated from researchers at three academic institutions who violated contractual terms by extracting data for external use, violating access controls on the UK-hosted research platform.
First reported: 24.04.2026 16:251 source, 1 articleShow sources
- UK Biobank Data Breach: Health Data of 500,000 Listed for Sale in China — www.infosecurity-magazine.com — 24.04.2026 16:25
-
UK Biobank suspended all access to its research platform and suspended the implicated researchers and institutions pending investigation. Additional access and download restrictions are being implemented.
First reported: 24.04.2026 16:251 source, 1 articleShow sources
- UK Biobank Data Breach: Health Data of 500,000 Listed for Sale in China — www.infosecurity-magazine.com — 24.04.2026 16:25
-
UK Biobank, UK government, Chinese authorities, and Alibaba removed the illicit listings; no evidence indicates the data was purchased.
First reported: 24.04.2026 16:251 source, 1 articleShow sources
- UK Biobank Data Breach: Health Data of 500,000 Listed for Sale in China — www.infosecurity-magazine.com — 24.04.2026 16:25