Biobank Data Incident: ‘A Small Number of Individuals’ to Blame, Says Leader

UK Biobank Faces Scrutiny Over Data Leak

Professor Sir Rory Collins, director of the UK Biobank, stated that a small number of individuals were responsible for the recent incident where medical data from 500,000 participants appeared for sale on a Chinese website. According to government reports, datasets with de-identified volunteer information were shared with three global academic institutions but were later discovered listed on Alibaba. The listings were quickly taken down before any transaction occurred, though the charity now faces questions about its data management practices.

“In this case, a small number of individuals have taken those data off the platform and listed the data for sale,” Sir Rory explained to BBC Radio 4’s Today programme. “By working swiftly with the UK government and the Chinese government, we have been able to get those listings removed before any data were sold.”

The UK Biobank, a repository of health data from volunteers, has supported advancements in dementia, certain cancers, and Parkinson’s disease research. Its online platform grants access to datasets containing anonymized medical records, DNA sequences, and body scans for approved researchers worldwide. However, the incident has forced a temporary pause in data access as the organization implements stronger safeguards.

Government and Data Experts Respond

Technology minister Ian Murray assured MPs in the House of Commons that the data involved did not include personal identifiers like names or contact details. Still, it could reveal demographic details, such as age and gender, along with lifestyle factors and biological metrics. Despite this, there is no evidence confirming any participant was identified through the shared datasets.

The Biobank has gathered detailed health information from over 200,000 volunteers since 2006. Participants were aged between 40 and 69 at the time of enrollment. While Sir Rory admitted the possibility of re-identification, he emphasized the need to balance open data access with security measures.

“UK Biobank has allowed discoveries that otherwise would never have emerged about how to prevent and treat diseases like dementia,” he told Today. “The balance then is how do you put in place safeguards to allow that to go on, while doing it in a secure way.”

The Information Commissioner’s Office (ICO) has been notified of the incident and is investigating. A spokesperson noted the sensitivity of medical data, stressing that both individuals and organizations have legal obligations to protect it. Meanwhile, a thorough board-led inquiry is underway to examine the breach and its causes.