The confidential medical data of half a million Brits has been offered for sale on a Chinese website, Alibaba, the Government has said. Science Correspondent Martin Stew reports.

The personal and health-related data of 500,000 participants from the UK Biobank has been offered for sale online following an internal data breach, the UK government has confirmed. The breach came to light after listings advertising the dataset appeared on platforms linked to Alibaba, raising serious concerns about data governance and security within one of the world’s most significant health research databases.

UK Technology Minister Ian Murray stated that three separate listings were identified, with at least one dataset appearing to include information from all 500,000 Biobank participants. Additional listings also offered services to help buyers gain legitimate access to the database or analytical support for those already authorized, further complicating the situation.

The UK Biobank, a major repository of biomedical data used in research on diseases such as dementia, cancer, and Parkinson’s, confirmed that the breach was internal in nature. Importantly, the compromised data did not include direct identifiers such as names, addresses, or contact details, as personal identity information is stored separately on a different system that was not affected.

According to Sir Rory Collins, the listings were quickly removed before any confirmed sale occurred. He stated that the individuals responsible had violated strict contractual agreements and that both they and their affiliated institutions had their access to the platform immediately revoked. Collins also issued an apology, acknowledging the concern caused to participants and outlining steps being taken to prevent a recurrence.

As part of its response, UK Biobank has temporarily taken its research platform offline while implementing enhanced security measures. These include upgrades designed to prevent the extraction of de-identified data and the acceleration of plans for an automated “airlock” system that will monitor and control data access and movement. The suspension of platform access is expected to remain in place for several weeks.

The UK government has taken swift action in coordination with multiple stakeholders. Minister Murray confirmed that authorities worked with the Chinese government and platform operators to ensure the removal of the listings. Additionally, access to the database has been revoked for three research institutions identified as the source of the breach, and all further access to Biobank data has been paused until stronger technical safeguards are implemented.

The incident has also been formally reported to the UK’s data protection regulator, the Information Commissioner’s Office, signaling potential regulatory scrutiny and further investigation into compliance and oversight practices.

This breach highlights the growing risks associated with large-scale health data repositories, particularly as they become increasingly valuable targets in the global data economy. While the exposed data was de-identified, the scale of the breach and the method of exposure underscore the urgent need for stronger internal controls, stricter access management, and more advanced data protection mechanisms.

As UK Biobank works to restore trust and reinforce its systems, the incident serves as a critical reminder that even highly regulated and research-focused data environments remain vulnerable to insider threats and misuse.

Recommended Cyber Technology News :

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com