Half a million confidential health records from UK Biobank participants were advertised for sale on Chinese e-commerce site Alibaba last week. The UK government has confirmed the listings and says the data has been removed with no evidence of sales.
The data breach affects volunteers in the UK Biobank, a long-running health research project that collects genetic and medical information from British participants. Three separate listings offering the records appeared on Alibaba before being taken down.
Technology minister Penny Mordaunt confirmed the incident to Parliament, noting the information was described as "de-identified"—meaning personal names and identifiers had been removed. However, the listings still contained sensitive health and genetic data that could potentially be used to identify individuals when combined with other datasets.
UK Biobank is a publicly-funded research initiative storing biological samples and health information from over 500,000 volunteers. The project supports medical research into diseases including cancer, heart disease, and diabetes. Participants agreed to have their data used for approved research purposes only.
Investigators are now working to determine how the data reached Alibaba and who attempted to sell it. The government has not disclosed whether a breach of UK Biobank's systems occurred or if data was obtained through another route. Initial findings suggest the records may have been de-identified before being listed, potentially lowering their immediate commercial value.
This incident raises fresh concerns about data security in health research. While de-identification is intended to protect privacy, research has shown that genetic data can sometimes be re-identified through cross-referencing with public databases. The UK's Information Commissioner's Office is expected to investigate the matter.
Alibaba removed the listings after being contacted by UK authorities. The company stated it has zero tolerance for illegal activities on its platform. No formal criminal investigation has been announced, though authorities are examining whether any laws were broken under UK data protection regulations.
Europe's digital identity wallet age verification system will only work on iOS and Android devices, excluding alternative mobile platforms. The technical specification has drawn criticism from privacy advocates and open-source developers.
The Trump administration has established the Gold Eagle federal clearinghouse to enable real-time sharing of AI-related cyber threat intelligence between government agencies and private sector companies. The White House says the system is already receiving vulnerability reports and coordinating patch prioritization.
Spanish authorities dismantled a major cybercrime organization responsible for €140 million in fraudulent earnings, resulting in four arrests. The ring operated investment scams and business email compromise attacks.
SonicWall has released security updates to address two actively exploited vulnerabilities in its SMA1000 appliance. The company urges customers to patch immediately.