IDMerit data leak exposes 1 bllion identity records
Markus Spiske/Unsplash
Portrait of Minister Ian Murray Picture by Alecsandra Dragoi DIST
Ian Murray, Technology Minister, returned from G7 talks in Montreal with new AI adoption commitments for UK businesses Alecsandra Dragoi/Department for Science, Innovation and Technology

The UK Biobank faces another data privacy scare as the government confirmed on Thursday that confidential health records of 500,000 volunteers were found listed on Chinese website Alibaba, raising concerns and questions as to how important medical records are protected.

Technology Minister Ian Murray said the UK Biobank charity told the government that 'de-identified' data of participants 'had been advertised for sale by several sellers on Alibaba's e-commerce platforms in China', but assured that after cooperation with the Chinese government and Alibaba, the records had been removed and no sales of data were believed to be made.

What is the UK Biobank, and What Important Data it Contains?

Launched in 2003, the UK Biobank is one of the world's largest health research projects, holding biological and medical data from around 500,000 volunteers who agreed to support scientific studies.

Between 2006 and 2010, the project recruited 500,000 participants aged 40 to 69, where they consent to provide genetic data, clinical measurements, health information, biological samples and lifestyle data, and undergo regular follow-ups, The Guardian reported.

The UK Biobank is a key global resource for medical research. Scientists use it to study diseases such as cancer, heart disease, and dementia, and to understand how genetics and lifestyle affect long-term health.

Because of its importance, access is tightly controlled and only granted to approved researchers under strict conditions.

What Kind of Data Is Exposed on Online Platforms?

Data breach
Pexels

Murray said the leaked data was 'de-identified', meaning it did not include names and addresses, but it still contained detailed health information such as age and gender, birth period information, medical conditions and test results, genetic and biological data, lifestyle and environmental factors.

Experts warn that this type of information can sometimes be re-identified when combined with other datasets, especially at a large scale.

Murray Says Breach an 'Unacceptable Abuse', Government Responds

UK officials strongly condemned the incident, with Murray describing the situation as a serious breach of trust, calling it an 'unacceptable abuse'.

He further said that an investigation is underway to know what happened.

Biobank Chief Executive Rory Collins also apologised to the participants and assured that additional security measures will be put in place.

'We apologise to our participants for the concern this will cause, and we hope to provide reassurance by outlining the serious actions we are taking in response', Collins said, adding that their personally identifying information is 'safe and secure'.

How Did the Data End Up Online, and Who Is Behind the Privacy Breach?

According to Murray, three research institutions were responsible for the leak. Early investigations suggest that these institutions had permission from the UK Biobank to use the information for scientific studies. However, the organisations broke strict data-sharing rules.

The UK Biobank has since revoked their access.

What Happens Next? Stronger Measures Now Expected

Murray assured that the government is taking the incident seriously, and said that the government will soon release new guidance on how to manage data from research studies.

He also urged businesses and charities to make sure their systems and how they share data are well protected.

'Ensuring the safe use of UK data is a priority for this Government', he said.

Read more