UK Biobank confirms half‑million volunteers’ data advertised on Alibaba

Claim Medical data of half a million Britons was offered for sale on a Chinese website after a security breach at UK Biobank.

Evidence UK Biobank informed the UK government that it had identified anonymised data from its volunteers for sale by three sellers on Alibaba, with at least one listing appearing to offer data from its 500,000 volunteers. The charity stated that it has revoked access to research institutions identified as the source of the breach of its UK data cloud. UK Biobank noted that the data contained no names, addresses, contact details or telephone numbers and that it does not believe any of the data was sold.

Verdict mostly_true

Analysis The core of the claim is supported by UK Biobank’s own statements to the government and public announcements. The number of volunteers matches the charity’s cohort size, and the platform (Alibaba) is specified. While the data was de‑identified, reducing immediate personal risk, the incident highlights vulnerabilities in data‑sharing contracts and cloud access controls. Practical takeaways for volunteers include remaining alert to phishing attempts that could exploit breach awareness; for institutions, it underscores the need to enforce contractual security clauses and monitor data exports. UK Biobank plans to introduce file‑size limits, automated export checks, and a technical solution to block unauthorized downloads by year’s end.

What to watch next The UK government’s forthcoming guidance on research data security and the Information Commissioner’s Office investigation into whether any data was actually transferred.