What is the homogeneity attack, and why does it defeat k-anonymity?
If every record in an equivalence class shares the same sensitive value, an attacker learns that value with certainty — without ever identifying the specific person.
* The attack/defense arms race from k-anonymity through l-diversity to t-closeness. *
k-anonymity guarantees you can't tell which of the k people a record belongs to. But it says nothing about the sensitive attribute inside the class. If all 3 records in the class ([35–40], Asia) have Disease = Cancer, then knowing someone falls in that class tells the attacker their diagnosis — identity within the group is irrelevant.
This is the gap l-diversity was invented to close: protecting the quasi-identifiers isn't enough if the sensitive values aren't varied.
Tip: k-anonymity hides who; the homogeneity attack shows that hiding who is useless if everyone in the group shares the same secret.
Go deeper:
l-diversity (Wikipedia) — defines the homogeneity attack it was built to stop.
k-anonymity (Wikipedia) — lists homogeneity among k-anonymity's weaknesses.