Another Afghan MoD data breach uncovered

Share on facebook
Share on twitter
Share on linkedin

Earlier this week, the Ministry of Defence (MoD) experienced a severe data breach that could put the lives of Afghan interpreters and their families at risk. Following this shocking data privacy failure, the MoD has experienced another data breach; this time potentially compromising the safety of Afghans who may be eligible to relocate to the UK.

What happened in the latest breach?

Last month, thousands of people attempted to flee Afghanistan following the withdrawal of UK troops as the Taliban took control of the country. Many are now seeking relocation to the UK.

Dozens of people applying to enter the UK have been mistakenly ccd into an email. This means that their email addresses were visible to all the recipients. The names of over 50 of the recipients were also exposed. At least one of the recipients is from the Afghan National Army.

Not using the bcc functionality when sending to multiple recipients is a common data privacy mistake- and one that an organisation like the MoD should have processes in place to prevent. 

The email was sent by the Afghan Relocations Assistance Policy (ARAP), a team led by the Home Office and MoD, which is charged with facilitating the evacuation operation. This is the same team responsible for the Afghan interpreters’ data breach.  

Afghan interpreter data breach

In the earlier data breach, which happened just days before, 250 Afghan interpreters seeking relocation to the UK were mistakenly copied into an email asking for an update on their situation. In this case, email addresses have been exposed, and some of the addresses had photographs of the interpreters. Many of those copied in the email are thought to be in hiding.


Those affected by the Afghan breaches have been informed, and they are being offered help to manage any potential threats. However, that they have been put in this position in the first place is a serious failure.  Lives could be at risk if this highly sensitive information falls into the hand of the Taliban. 

A series of data protection failures at the MoD

Commenting on the privacy violations, Kingsley Hayes, head of data breach at Keller Lenkner UK, said:

“The Ministry of Defence has launched an investigation into the data privacy failures and has reportedly taken steps “to ensure this does not happen in the future.” But with two serious data breaches happening within days, and another breach happening only a few months ago when a member of the public discovered sensitive documents at a bus stop, serious questions must be asked about how such violations are allowed to happen.

“Furthermore, while the immediate priority must be to secure the safety of those put at risk by the MoD’s haphazard email processes, those responsible must ultimately be held to account. Lives have been put at risk and this is simply unforgivable.”

Holding the MOD to account

Keller Lenkner UK has launched a group action to help the Afghan interpreters impacted by the earlier data breach. Contact us in confidence to discuss your case. 


Share this article:

Share on facebook
Share on twitter
Share on linkedin