
UK Biobank Health Data of 500,000 Members Offered for Sale Online
Confidential health data, including DNA, from 500,000 UK Biobank volunteers was offered for sale online in China following an internal data breach. The British government confirmed the incident on April 23, 2026. The data was found listed on Alibaba, but names, addresses, contact details, or telephone numbers were not included. The information included gender, age, month and year of birth, socioeconomic status, lifestyle habits, and measures from biological samples. Access for three Chinese research institutions, which had legitimately downloaded the data, was revoked.
Ukbiobank
- Domain
- ukbiobank.ac.uk
- Sector
- Health Care and Social Assistance
- Signals
- 1 linked
Signal context
First seen: Apr 23, 2026
Last updated: Jul 3, 2026
Status: Public signal
Key points
- Internal data breach affecting 500,000 UK Biobank volunteers.
- Confidential health data, including DNA, offered for sale online in China.
- Exposed data included gender, age, birth details, socioeconomic status, lifestyle habits, and biological sample measures, but no direct identifiers like names or addresses.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Health Care and Social Assistance
Likely country: 🇬🇧 United Kingdom
inferred from company domain
Watch internet-facing systems, credential abuse and exploit activity.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: User or customer data
- 7 signals in the same sector
- 89 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
500,000 UK volunteers' medical data listed for sale on Alibaba - Help Net Securityhttps://www.helpnetsecurity.com/2026/04/27/uk-biobank-data-leak-alibaba-marketplace/Public source from helpnetsecurity.com.
UK Biobank suspends access following Alibaba revelations - EU Reporterhttps://www.eureporter.co/health/2026/04/27/uk-biobank-suspends-access-following-alibaba-revelations/Public source from eureporter.co.
Health data of half a million members of a UK project offered online in China | AP Newshttps://apnews.com/article/uk-biobank-health-data-breach-china-alibaba-adc0585cebc36e988654a8a2c94f17e0Public source from apnews.com.
Health data of 500000 members of a UK project offered for sale online in Chinahttps://www.washingtonpost.com/world/2026/04/23/uk-biobank-health-data-breach-china-alibaba/c338daf2-3f18-11f1-bb46-ed564688d953_story.htmlPublic source from washingtonpost.com.
Health data of 500,000 UK Biobank members offered for sale in data breach | ITV Newshttps://www.itv.com/news/2026-04-23/details-of-500000-uk-biobank-volunteers-hacked-and-offered-for-salePublic source from itv.com.
Related signals
Grouped by why the signal is relevant.
Huntsville Hospital Health System Notifies Patients of Data Exposure from Cerner Breach
Huntsville Hospital Health System informed patients on June 26, 2026, about a data exposure stemming from a 2025 breach on Cerner's (now Oracle Health) legacy systems. The breach, which occurred on January 22, 2025, exposed personal and medical information. Cerner had notified its healthcare clients, including Huntsville Hospital, on August 12, 2025, but patient notification was delayed at the request of law enforcement.
ACLA Data Breach Exposes Social Security Numbers and Medical Information
Anatomic and Clinical Laboratory Associates P.C. (ACLA) disclosed a data breach involving unauthorized access to its computer network. The breach, discovered in December 2025, exposed personally identifiable information (names, dates of birth, Social Security numbers, taxpayer identification numbers) and protected health information (medical dates of service, diagnoses, medical history) for 69 Massachusetts residents.
ShinyHunters Threatens to Leak 8.8 TB of One Medical Seniors Patient Data by June 22 Deadline
Amazon-owned primary care provider One Medical faced a data extortion threat from the ShinyHunters group, which claimed to have stolen 8.8 terabytes of data from One Medical Seniors (formerly Iora Health) and threatened to leak it by June 22, 2026, if a ransom was not paid. One Medical had previously disclosed a cybersecurity incident on June 17, 2026, involving unauthorized access to a third-party file storage system containing archived patient information for One Medical Seniors. The unauthorized access occurred between June 8 and June 11, 2026. The potentially compromised information includes demographic and clinical records for some patients.
Kentucky Mountain Health Alliance Discloses Data Breach Affecting SSNs and Medical Records
Kentucky Mountain Health Alliance Inc., a nonprofit health center, disclosed a data breach to the Massachusetts Office of Consumer Affairs and Business Regulation on June 19, 2026. The incident involved unauthorized access to patient data, some of which was copied. The exposed information included driver's licenses, medical records, and Social Security numbers. The specific method of attack, dates of the incident, or discovery date remain unknown. The organization is offering affected individuals a free, two-year membership to identity monitoring services.
Horizon Family Medical Group Data Breach
Reports emerged on June 18, 2026, of a possible data breach at Horizon Family Medical Group, a medical provider in New York's Hudson Valley region. Threat actor Incransom claimed to have stolen 7 TB of data, including medical information such as diagnoses, prescriptions, treatments, and lab results.
Novo Nordisk Confirms Data Breach as FulcrumSec Claims $25M Ransom Demand
On June 16, 2026, reports emerged that the hacking group FulcrumSec claimed responsibility for a data breach at pharmaceutical giant Novo Nordisk, demanding a $25 million ransom. Novo Nordisk confirmed an IT security incident involving unauthorized access to a limited number of internal IT systems and the copying of non-public and clinical trial-related patient data. The exposed data for healthcare professionals may include names, registration numbers, email addresses, phone numbers, WhatsApp details, and office locations.
