Story Highlight
– Data breach exposes personal information of 3,700 Afghans.
– Previous breach in 2022 compromised 19,000 Afghan applicants.
– MoD assures no immediate threat to individuals’ safety.
– Afghan resettlement team warns families about exposed data.
– Calls for independent investigation into security failures.
Full Story
Thousands of Afghan citizens relocated to the UK have had their personal information potentially compromised following a data breach linked to a sub-contractor of the Ministry of Defence (MoD). The incident occurred at Inflite The Jet Centre, a company providing ground-handling services at London Stansted airport, and has put the personal details of approximately 3,700 Afghans at risk, including names, passport details, and information associated with the Afghan Relocations and Assistance Policy (Arap).
This breach follows another incident in early 2022, where details of nearly 19,000 individuals seeking refuge from the Taliban were mistakenly exposed, culminating in significant security concerns. While the government has stated that the current breach “has not posed any threat to individuals’ safety,” there is an ongoing investigation into the incident, with no evidence suggesting that the compromised information has been publicly released.
The individuals affected by this latest breach are believed to have arrived in the UK as part of a resettlement scheme for those who assisted British forces, with most traveling between January and March 2024. In an email to the affected parties, the Afghan resettlement team highlighted the risk that personal data, such as passport numbers and Arap reference identifiers, may have been disclosed.
Among those impacted are not only Afghan evacuees but also British military personnel and former government officials, as confirmed by the BBC. A spokesperson for the government remarked, “We were recently notified that a third party sub-contractor to a supplier experienced a cyber security incident involving unauthorized access to a small number of its emails that contained basic personal information.” This has raised alarms regarding the robustness of data protection measures in place.
In response to the incident, Inflite The Jet Centre asserted that the breach was restricted to email accounts and has reported the matter to the Information Commissioner’s Office (ICO), which is now investigating the breach.
Professor Sara de Jong, affiliated with the Sulha Alliance charity that aids Afghan individuals connected to British military operations, expressed shock at the breach, stating, “The last thing that Afghans – who saved British lives – need is more worries about their own and their families’ lives.” She has also called on the MoD to expedite the relocation of Afghans still awaiting resettlement.
The recent breach has reignited discussions about a prior incident in February 2022, when a spreadsheet containing the personal details of individuals under the Arap scheme was inadvertently leaked by a British official. This earlier oversight resulted in thousands being resettled without proper notice of the risks they faced.
Newsnight reported on the experience of a family with ties to the UK military, whose application for relocation had been favorably endorsed. They found themselves at risk of deportation back to Afghanistan amid growing concerns for their safety following the leak of their personal information. The son of one individual stated, “Please help my family and avoid their murder by the Taliban,” as he expressed despair over their precarious situation.
Following this, it was revealed that the individual had been deported back to Afghanistan. The MoD asserted that they are “honoring commitments” to eligible candidates, noting the necessity of passing stringent security checks as part of the relocation process.
Sir Mark Lyall Grant, a former national security adviser, characterized both data breaches as “deeply embarrassing” for the government. He emphasized the urgency of protecting those at risk from Taliban persecution, stating, “We do need to move faster to protect people who genuinely are at risk.”
Furthermore, former Conservative Chancellor Kwasi Kwarteng described the data breaches as “very serious,” expressing concern for those facing deportation. Liberal Democrat Defence Spokesperson Helen Maguire condemned the government’s handling of the situation, labeling it as “staggering incompetence” and called for a thorough independent investigation into the breaches to ensure accountability and improved security measures.
