UK Biobank Data Breach: Further Leaks on Alibaba, Government Warns
Science minister Patrick Vallance tells Lords additional listings have emerged since last week's breach of 500,000 volunteers' health data
Auf einen Blick
- The UK government has confirmed further confidential health records of UK Biobank volunteers have been listed on Alibaba since the breach reported last week.
- Science minister Patrick Vallance said the government is working with Chinese officials to remove additional postings, warning there will likely be more leaks.
- The data of 500,000 participants was put up for sale on the Chinese marketplace.
KI-generierte Zusammenfassung
Warum es wichtig ist
UK Biobank is a major health research charity holding genetic and health data from 500,000 volunteers. The data has enabled discoveries about genes affecting heart disease, cancer, dementia risk, and Covid-19 understanding. This is not an isolated incident - UK Biobank has dealt with at least 30 other data breaches in the past month.
There have been further listings of confidential health records of UK volunteers on the Chinese website Alibaba since the breach reported last week and the government is braced for further leaks, the science minister has said. Addressing a House of Lords debate on the attempted sale of data belonging to 500,000 UK Biobank volunteers, Patrick Vallance said the government has worked with Chinese officials to remove additional postings on the online marketplace. "New listings will emerge – there have been additional listings posted since the government were made aware of the issue last week – and we continue to work with the Chinese government to remove them quickly," Vallance said. The data is "de-identified", meaning it does not include names, addresses or precise dates of birth. Vallance said there was a "low probability" of re-identification, but the breach should nonetheless serve as a "real wake-up call" for researchers. "It is increasingly possible to triangulate in large datasets and get close to identification, and that remains a very real risk," he said. Last month, the Guardian was able to re-identify a single participant based in a different UK Biobank dataset that had been leaked online using just their date of birth and the data of an operation. The Lords debate comes after an emergency statement by Ian Murray, the technology minister, last Thursday, which revealed that half a million participants in the UK Biobank project had their health data put up for sale on Alibaba. UK Biobank learned of the breach from an anonymous whistle-blower. The data has since been taken down and officials do not believe there were any sales. All access to UK Biobank data has been temporarily suspended. Vallance named the three Chinese institutions, whose researchers are understood to be behind the postings, as the Second Xiangya hospital, China-Japan Union hospital, and Beijing Chaoyang hospital. Vallance praised the altruism of UK Biobank volunteers, whose data he said had paved the way for discoveries of genes that affect the risk of heart disease or cancer, and new ways of predicting dementia and understanding Covid-19. "I end by saying again how important UK Biobank is, how unique it is worldwide in its breadth and depth of coverage, and how appalling it is that this leak occurred," Vallance said. "We must make absolutely sure that this risk is eliminated going forward by making sure that a secure data environment is put in place." In addition to the Alibaba posts, the UK Biobank has taken action on at least 30 other data breaches in the past month, according to Dr Luc Rocher, a researcher at the Oxford Internet Institute, who has been tracking data breaches. Some of the data, including a detailed dataset relating to 96,000 volunteers that appears to have been accidentally uploaded by a masters student at Yale University, remains online. UK Biobank said it had requested that the data be removed and that it should be completed shortly. Dame Chi Onwurah, chair of the Common's science, innovation and technology committee, said: "I'm astounded that that data is still available online. UK Biobank have been complacent about the half a million British people who have shared their most intimate and personal data with them and who deserve better than this." A government spokesperson said: "We are aware of reports that unauthorised data from UK Biobank – a health research charity independent of government – is being made available online following a leak which was reported last month. As you would expect, we are working with UK Biobank to understand its origin and extent of this data, and to ensure they are taking proactive steps to get it removed."
Worauf zu achten ist
KI-Ausblick — Möglichkeiten, keine Fakten
UK Biobank will implement a more secure data environment with stricter access controls
Sehr wahrscheinlich · Innerhalb von Monaten
Further investigations into how Chinese institutions obtained the data will be launched
Wahrscheinlich · Innerhalb von Wochen
International guidelines on cross-border health data security may be strengthened
Möglich · Innerhalb von Monaten
Offene Fragen
- How did the Chinese researchers obtain access to UK Biobank data?
- Were there any actual sales of the data before removal?
- What security reforms will UK Biobank implement?
- How many of the 30 other data breaches remain unresolved?






