Last updated 1 month ago
The United Kingdom Biobank, a healthcare research organization, experienced a data breach involving the health records of approximately 500,000 volunteers. The breach was publicly disclosed in May 2026 after a UK government Minister confirmed that the stolen data had been listed for sale on Chinese ecommerce platforms. The timeline of internal discovery is not specified in the article.
The attack vector is classified as unauthorized access, as the specific method of intrusion is not detailed. The compromised data includes health records of volunteers, though the exact types of health information (e.g., genetic data, medical histories) are not specified. No threat actor has been attributed, and no CVE references or MITRE ATT&CK techniques are mentioned.
Post-incident, the data listings were removed from the Chinese ecommerce platforms. No further details regarding regulatory actions, litigation, ransom payments, or remediation milestones are provided in the article.
Data listed for sale on Chinese ecommerce platforms
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector