UK Biobank Data Breach: Medical Records Listed for Sale Online

Severity: High (Score: 75.0)

Sources: Computerweekly, www.bbc.com, Thecyberexpress, Sciencemediacentre, www.theguardian.com

Summary

A significant data breach at UK Biobank has resulted in the medical records of 500,000 volunteers being listed for sale on the Chinese e-commerce platform Alibaba. The breach was confirmed by UK technology minister Ian Murray, who stated that the data was anonymized but could still pose privacy risks. The compromised information includes demographic details such as age, gender, and lifestyle habits, but does not contain direct identifiers like names or addresses. The breach has raised serious concerns about data handling practices at UK Biobank, a major biomedical research resource. UK Biobank has suspended access for three Chinese research institutions implicated in the breach and is investigating the incident. The UK and Chinese governments, along with Alibaba, acted swiftly to remove the listings. No evidence has been found that any data was sold or downloaded. UK Biobank has announced plans to enhance data protection measures in response to the incident. Key Points: • Data from 500,000 UK Biobank volunteers was listed for sale on Alibaba. • The breach involved anonymized health data, raising privacy concerns. • Access for implicated Chinese institutions has been suspended.

Key Entities

• Data Breach (attack_type)
• Alibaba (company)
• UK Biobank (company)
• Yale University (company)
• China (country)
• Iran (country)
• North Korea (country)
• Russia (country)
• CWE-200 - Exposure of Sensitive Information (cwe)
• Healthcare (industry)
• T1567 - Exfiltration Over Web Service (mitre_attack)