Half a million Britons’ medical data offered for sale on Chinese website in major UK Biobank breach
Half a million Britons’ medical data offered for sale on Chinese website in major UK Biobank breach
Holly EvansThu, April 23, 2026 at 1:41 PM UTC
0
Data from 500,000 people who volunteered their health information to the UK Biobank has been breached and offered for sale online in China.
Technology minister Ian Murray said information of all half a million members had been listed for sale on the website Alibaba, as he called the incident an “unacceptable abuse” of data.
He told the Commons on Thursday that the charity had informed the government about the data breach on Monday 29 April, and said the information did not include names, addresses or contact details.
Mr Murray told MPs: “Biobank told us that three listings that appear to sell … Biobank participation data had been identified. At least one of these three datasets appeared to contain data from all 500,000 UK Biobank volunteers.
“Additional listings offer support for applying for legitimate access to UK Biobank or analytical support for researchers who already have access to the data.”
The Biobank is the world’s most comprehensive dataset of biological, health and lifestyle information. It has been used to achieve improvements in the detection and treatment of dementia, cancers and Parkinson’s.
The data was offered for sale on Alibaba's ecommerce platforms (AFP/Getty)
“The government has spoken to the vendor today, and they did not believe that there were any purchases from the three listings before they were taken down,” Mr Murray added.
The UK Biobank was established to advance medical research and scientists from across the world can use its data – with the personal information removed – for studies that are deemed in the public interest.
All of the participants were aged between 40 and 69 years old when they joined the study between 2006 and 2010. Their data is used to track their long-term health and help researchers to understand, prevent and treat serious illnesses.
UK Biobank has referred itself to the Information Commissioner’s Office following the breach, Mr Murray said.
Mr Murray said the data involved in the breach could include gender, age, month and year of birth, socioeconomic status, lifestyle habits, and measures from biological samples.
Advertisement
He said he could not give a complete guarantee that nobody could be identified, but said it would likely only be done so through a “very advanced way”.
Blood samples taken from volunteers, ready to be stored in the UK Biobank (Getty)
In a statement, he told the Commons: “Once the government was made aware of the situation, we took immediate action to protect participants’ data. Firstly, we worked with Biobank, the Chinese government and the vendor, to ensure that those three listings – that UK Biobank informed us (of), including participant data – had been removed.
“I want to thank the Chinese government for the seriousness with which they work with us to help remove these listings.
“Secondly, we ensured that the Biobank charity revoked access to three research institutions identified as the source of that information.
“And thirdly, we have asked that the Biobank charity pause further access to its data until they put in place a technical solution to prevent data from its current platform from being downloaded in this way again. I can confirm to the House that this pause is now in place.”
In a statement published on Thursday, Professor Sir Rory Collins, chief executive and principal investigator of UK Biobank, told those in the study: “We would like to inform you about an incident involving UK Biobank data.
“We apologise to our participants for the concern this will cause, and we hope to provide reassurance by outlining the serious actions we are taking in response.
“Your personally identifying information in UK Biobank is safe and secure.
“Listings offering access to UK Biobank data (which did not contain any personally identifying information) were found on a Chinese consumer website. These listings were swiftly removed before any purchases were made.
“We are putting in place additional security measures to prevent this happening again. We will conduct a comprehensive investigation into this incident.
“Since UK Biobank started to make your de-identified data available for research in 2012, it has led to thousands of discoveries that are already leading to improvements in the prevention and treatment of many different diseases.”
Source: “AOL Breaking”
