(malwarebytes.com) Sensitive Genomic Data of 500,000 Britons Exposed for Sale on Alibaba: A Case Study in Third-Party Risk and National Security Implications
-
(malwarebytes.com) Sensitive Genomic Data of 500,000 Britons Exposed for Sale on Alibaba: A Case Study in Third-Party Risk and National Security Implications
UK Biobank genomic data of 500K Britons advertised for sale on Alibaba, exposing third-party risk and national security concerns. De-identified but granular datasets (genetic sequences, medical imaging, lifestyle details) were accessed by researchers and later leaked, enabling re-identification risks.
In brief - A major breach of UK genomic data via Alibaba highlights third-party risks, re-identification threats, and China’s strategic interest in biotech assets. The incident underscores gaps in data governance and the long-term intelligence value of immutable genetic data.
Technically - The UK Biobank dataset, accessed by research institutions under contractual agreements, was exposed due to inadequate security controls (e.g., "download CSV and walk away" model). Granular attributes (gender, age, socioeconomic data) enable re-identification despite de-identification. China’s focus on genomics for AI/precision medicine amplifies risks. Mitigations must include stricter access controls, encryption, and monitoring to prevent unauthorized dissemination.
-
R relay@relay.infosec.exchange shared this topic
