UK Biobank records for 500,000 listed on Alibaba

De-identified medical, genetic, imaging and lifestyle records for 500,000 UK Biobank volunteers were listed for sale on Alibaba; listings were traced to three research institutions and removed.

UK Biobank reported that de-identified medical, genetic, imaging and lifestyle records for 500,000 volunteers were offered for sale on the Chinese e-commerce site Alibaba. The listings were traced to three research institutions that had lawful access to the data; Alibaba and Chinese authorities removed the adverts and UK Biobank has revoked the institutions’ access and paused new data requests while it tightens security.

The dataset reportedly included DNA sequences, blood-sample information, medical images and detailed demographic and lifestyle fields for half a million people. At least one listing appeared to cover the full set of 500,000 volunteers. UK Biobank noted the files did not contain names, addresses or NHS numbers but did include granular fields such as gender, age, birth month and year, socioeconomic indicators, lifestyle details and a range of health measures.

Officials say the files were downloaded under standard research contracts that grant approved users access to the resource. Investigators traced the online adverts to three institutions that had been granted access and removed credentials for those accounts. Alibaba and Chinese authorities took down the listings before any confirmed sale.

UK Biobank is a charity that holds more than 15 million biological samples and detailed health records from volunteers recruited between 2006 and 2010. Researchers worldwide use its data to study cancer, dementia, diabetes and other conditions. The charity normally grants access to vetted universities and companies under contracts and monitoring.

Privacy specialists and government security assessments note that datasets stripped of direct identifiers can sometimes be re-linked to individuals when combined with other public or commercial records. Genetic information cannot be changed, and combined datasets can be repurposed for targeted fraud or social-engineering attacks that reference specific health conditions.

U.S. and U.K. security analyses describe bulk health and genomic collections as strategic resources and document major investments by the People’s Republic of China in national genomics and precision-medicine programs. Those assessments cite the use of large foreign datasets to train AI models, develop drugs and support biotech research. Last year, a major Chinese genomics company was placed on the U.S. Entity List over concerns about its role in surveillance of minority populations.

Dr. Nicola Byrne, the National Data Guardian, called for accountability and for volunteers’ health data to be kept safe. UK Biobank said it will strengthen technical and contractual safeguards, including tighter limits on data export, enhanced monitoring of approved users and additional controls over where and how data can be analyzed. Privacy advisers recommend that volunteers and institutions ask data stewards about governance, storage location, encryption of raw genomic files, access rules, limits on downloads, secure analysis environments and steps to manage re-identification risk.
