Question to the Department of Health and Social Care:

To ask His Majesty's Government, for each month since UK Biobank first detected de-identified participant data on GitHub in 2022, (1) how many instances there have been of participant-level UK Biobank data being identified on GitHub, and (2) in each case, what estimate has been made of the length of time the data was publicly accessible before being identified and secured.

UK Biobank is a charity and operationally independent of government. The Government has been working closely with UK Biobank in its response to the data breach which it reported to the Government on 20 April 2026. Measures taken so far have included the suspension of access to their research analysis platform, revocation of access permissions from the institutions involved, rapid removal of the listings from the e-commerce platform, self‑referral to the Information Commissioners Office, and urgent work to introduce technical barriers to prevent download of participant‑level data.