- Breach exposed personal information of up to 19,000 people
LONDON: The UK Ministry of Defense has been sharply criticized by British lawmakers over what a parliamentary report described as a series of “chaotic” decisions and serious failings that led to the 2022 leak of sensitive data belonging to tens of thousands of Afghans seeking relocation to Britain.
The data breach, which was triggered when a British soldier mistakenly sent a spreadsheet of applicants to a group of Afghans, exposed the personal information of up to 19,000 people.
According to the MoD, as many as 100,000 Afghans may ultimately have been placed at risk, including individuals connected to British special forces and government operations.
The incident prompted the government to secure an unprecedented superinjunction — at the time the longest ever issued — and set in motion a secret multibillion-pound effort to extract some of the affected Afghans, while others were left in danger inside the country.
A report released on Friday by the House of Commons’ Public Accounts Committee said the ministry had been aware of vulnerabilities in the way it was managing data but failed to put proper safeguards in place as the volume of sensitive information rapidly increased.
MPs found that the department had been relying on Excel spreadsheets stored on a SharePoint system to handle thousands of lines of personal information — a method the committee said was “neither appropriate nor adequate.”
The soldier responsible for the accidental disclosure had believed he was sending information relating to around 150 applicants, rather than about 19,000. Hidden rows within the spreadsheet contained additional data he had not realized was there.
The breach went unnoticed by the MoD until August 2023, when an Afghan who had received the file threatened to publish it on Facebook.
Geoffrey Clifton-Brown, chairman of the committee, said: “It is the duty of this committee to report on the farrago of errors and missteps that led to, and followed, the Afghan data breach.”
He added: “It knew the risks of using inadequate systems to handle sensitive personal information as the security environment in Afghanistan deteriorated. I take no pleasure as chair of this committee in stating now that we lack confidence in the MoD’s current ability to prevent such an incident happening again.”
The report said the ministry had “not done enough to learn the lessons from previous data breaches” and had failed to give MPs sufficient confidence that reforms were in place to reduce the risk of another incident.
The committee also criticized the department for withholding information, noting that neither the PAC nor other parliamentary bodies, including the intelligence and security committee, were informed of the breach while the superinjunction was in force.
MPs added that ministers had put David Williams, the MoD’s permanent secretary, in a “deeply uncomfortable” position by preventing him from briefing senior civil servants about the data loss.
Nearly 30,000 of those affected have either been resettled in the UK or are due to be relocated, though thousands remain in Afghanistan awaiting processing.
The MoD has refused to say whether anyone was held accountable for the breach, which occurred under the previous Conservative government.
The current Labour administration initially maintained the secrecy orders but later lifted them after a review by Defense Secretary John Healey. At one stage ministers had drawn up plans to spend £7 billion ($9.2 billion) on bringing Afghans to the UK without informing the public.