Health and genetic data from all 500,000 UK Biobank volunteers was listed for sale on Alibaba after three Chinese research institutions with legitimate access violated their data-sharing agreements. The data was de-identified but includes whole genome sequences, hospital diagnoses, and biological measures that experts say can be re-identified using minimal additional information. Alibaba removed the listings before any sales occurred, UK Biobank has suspended all external data access, and the ICO is investigating. A prior March investigation had already found the data leaked dozens of times via GitHub. The incident highlights a structural vulnerability in open research data-sharing models: no technical safeguard can prevent trusted insiders from misusing legitimately granted access.
Table of contents
What UK Biobank holdsThe re-identification problemA pattern, not an incidentThe geopolitical dimensionWhat happens nextSort: