There have been further listings of confidential health records of UK volunteers on the Chinese website Alibaba since the breach reported last week, and the government is braced for further leaks, the science minister has said.
Addressing a House of Lords debate on the attempted sale of data belonging to 500,000 UK Biobank volunteers, Patrick Vallance said the government had worked with Chinese officials to remove additional postings on the online marketplace.
“New listings will emerge – there have been additional listings posted since the government were made aware of the issue last week – and we continue to work with the Chinese government to remove them quickly,” Lord Vallance said.
Looks like our precious health data would be safer if Palantir had it all.
Makes a change from India, I suppose.
I worked on govt projects where vast amounts of data went east, until they got the wind up. By then it was a but late.
“Lord” Vallance, eh? The bigger the cock up the higher the promotion then?
I suppose he does have good contacts with China…
Anyone remember the NHS Spine, and the arrogant cunt running it? Just Say No.
Vallance – another Covid criminal who should be hanged.
If only my medical details could be leaked to my own doctor, he might do something for me….
Yeah but
(My emphasis)
That would be the same China that turns a blind eye, if not actively encourages, its own companies to steal IPR.
Naïvety or stupidity?
Simply lying. SOP.
This is just Vallance wanting to sound in control.
Alibaba will try and remove them, because Alibaba want to make more money. Having this stuff on Alibaba would make them look dodgy. And Alibaba want to sell hosting services to the world. They want a good reputation.
There ain’t nothing that can be done about this now, because there are “additional listings”. Someone bought it, copied it, and sold it to 5 other people. They might have sold it to another 20 people each. If a celeb accidentally sends naked pictures to the wrong person and he shares it with 10 people on Whatsapp, it’ll be a milliion people by sunset.
Even if Alibaba are being good guys (and it sounds like they are), I can open up an FTP server on my laptop, tell you the IP address and you get the file. Or, I zip it with encryption and some chunking. Even if Alibaba are really trying hard, they won’t find it.
Tbh, I don’t care who has my “health data”. What are they gonna do, figure out why I’m somehow still alive or something? Good luck.
Well yes!
Anyone who’s ever used the AliExpress website will know the Chinese are a bunch of deceitful cvnts. You have to look at every item offered for the hidden catch, accept that “real silk” & “real leather” probably mean polyester & plastic, “truthful” means lying through their teeth & be alert for prices that change between clicking on buy & appearing in the basket. ( Actually this list could probably run for a hundred items)
So nothing about the above story will surprise.
I was curious about this “Temu” thing so had a gander at their website. What a nightmare. It’s the scammiest thing I’ve ever seen. Endless crap, all offered by fraudsters with fake 5 star reviews clearly written by bots
Well yes again! They seem a long way from understanding what it would take to create a big western brand.
There’s a lot of poundland stuff on there. But I’ve done well with a couple of things where I took a risk. Someone told me about a good coffee grinder.
The best one was a laptop key. The bit on the top. The connector broke, and I needed a new key. Dell don’t sell those as spares. They sell a whole keyboard unit that costs £35. AliExpress were about £5 including postage. So I figured I’d take a shot. And it’s a lot easier job than replacing the keyboard. Brief chat about the model, and it was in the post. Job done.
I’m guessing with all the costs we’ve piled on, you can’t make that work in the UK but in China?
Oh you can definitely get some good deals on AliE. I reckon I’ve bought 40-50k euros. Women’s clothes & what not. I imagine I’m buying at a fair bit less than UK retailer does. And there’s some stuff shops & on-line must be sticking 3-400% on. So there can be a good profit in it. But you really have to know your schmutter Some of it’s just crap.
Temu & Shien etc. Basically they’re dropshippers. Although they do frontload into their markets. You can find exactly the same AliE cheaper. And from what I’ve heard I’d rather be dealing with AliE. They’re very good on the rare occasion an order goes wrong. With the other sellers, not so. AliE is a marketing platform. It’s in their interests to keep their sellers honest, as far as they can. Their sellers can be factory or wholesalers. One of the tricks is working out which.
“Last month, the Guardian was able to re-identify a single participant in a different UK Biobank dataset that had been leaked online using just their date of birth and the data of an operation.”
A simple question… how would it affect the result if you just had the month and year of birth? You now have 30 times more people filtered. Or even quarter of the year? Obviously, you want to know if someone is 30 or 60, probably 30 or 40. But 30 and 25 days?
“Some of the data, including a detailed dataset relating to 96,000 volunteers that appears to have been accidentally uploaded by a masters student at Yale University, remains online. UK Biobank said it had asked for the data be removed and that it should be completed shortly”
OK now this is just epically stupid. We need to find the system design documents, and every sign off, and punish these people, even if we have to pass a special act of parliament to take their pensions and titles.
Palantir? Not really their bag, and that doesn’t help here. This is about numskull management. If you have a set of sensitive data, you let people take copies after a whole lot of checks. For example, I worked for a company that printed bills for telcos. We had all the billing data. They sent it over, we printed it. You don’t want that getting out, and someone using the itemised data to figure out who is phoning the Thai Rub a Tug shop for a appointment. You not only make sure that it’s physically stored right, that it’s protected from virtual attack, that the company has liability insurance and also that processes are good, that only certain types of uses in the company are limited to certain people to reduce risk.
A masters student at Yale University should never have the dataset. A masters student at Yale should be able to run queries against the dataset and get answers. How many people in Bristol aged 30-45 got a certain sort of cancer. And if you need to distribute it beyond UK biobank you do some meetings with the people at Yale or maybe some Ivy League group that allow queries to be run. Like if you create an ad on Facebook, it tells you how many people it’s likely to reach. But not who they are.
“Chi Onwurah, the chair of the Commons science, innovation and technology committee, said: “I’m astounded that that data is still available online. UK Biobank have been complacent about the half a million British people who have shared their most intimate and personal data with them and who deserve better than this.””
Oh you stupid bitch. This isn’t yellow cake uranium with a finite supply. Some bloke in Shanghai holds the data on his laptop, He sticks it up on Alibaba Cloud, AWS, Azure, or even his own personal FTP server. Sells it, tells people where it is. If Alibaba take it down, he can do it elsewhere. Even if Alibaba put in some sort of check on the file, you just need to encrypt it and they can’t stop it even if they’re trying to be super helpful. Anyone who bought a copy can resell a copy if they want. It’s out there. CAN’T STOP THE SIGNAL, MAL.
Based on
https://www.bbc.co.uk/news/articles/cpvxgl3n138o
the leaked data “could include gender, age, month and year of birth, socioeconomic status, lifestyle habits, and measures from biological samples”
So exact date of birth missing – so either the technology minister was fibbing or the Guardian is. I suspect the G on previous form but could be wrong.
Polly Toynbee not worried, reassuring is that
I’m a Biobank volunteer, and it never asked my gender, only my sex. It’s a medical thing, it’s biology, gender is irrelevant and misleading.
There’s a website for the project where there’s a desription of what happened: https://www.ukbiobank.ac.uk/news/a-message-to-our-participants-uk-biobank-data-security-update/ I’m not sure if the exact date of birth was leaked, but you can see the fields stored and it says about date of birth “This information is regarded as restricted and will be supplied to researchers only when absolutely necessary.” and offers “month of birth” and “Year of birth” instead. See https://biobank.ndph.ox.ac.uk/showcase/field.cgi?id=33
Incidentally, looking at the “Month of birth” field, it seems that months that start with M are the most popular (March and May, over 45,000) while those which contain the letter ‘b’ are the least (Feb, Sep, Oct, Nov, Dec, under 41,000).
“his own personal FTP”
FTP carries a different meaning in Glasgow.
Ah right. Every day is a school day, isn’t it?
There have been further listings of confidential health records of UK volunteers
Seems they weren’t confidential.
Ah well, maybe there’s 500k more people now who now realise the State couldn’t care less about them. Just hope they remember this when voting time comes.