:

UK BIOBANK DATA REPEATEDLY LEAKED ON GITHUB

DEV DESK1 MIN READ
FRI, APR 24, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Researchers have tracked 110 DMCA takedown notices targeting 197 code repositories containing UK Biobank health data. The exposures reveal ongoing governance challenges for the major health research initiative.

A privacy researcher monitoring Digital Millennium Copyright Act notices found that sensitive UK Biobank data has been repeatedly uploaded to GitHub by developers across 170 accounts worldwide. The instances represent the latest in a series of data handling issues for UK Biobank, a repository of health records and genetic information from 500,000 British participants used for medical research. The leaked repositories contained portions of the biobank's dataset, which researchers access for studies but are bound by data usage agreements. The repeated uploads suggest either accidental commits or misunderstandings about data sharing restrictions. GitHub has been removing the repositories following takedown notices, but the pattern indicates a systemic problem. Researchers and the institution have published commentary in the British Medical Journal highlighting the governance gaps. The exposures underscore broader challenges in managing sensitive health data as research becomes increasingly collaborative and code-sharing platforms grow more prevalent in academic work.

■ SOURCES

Hacker News

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

5H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

5H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

8H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

10H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.