MoD under fire after 49 security breaches revealed in Afghan resettlement cases.
The Ministry of Defence has admitted there have been 49 data breaches in the past four years at the unit responsible for handling relocation applications from Afghans seeking safety in the UK.
According to BBC News, four of the breaches were already known publicly, including the 2022 leak of a spreadsheet containing the details of nearly 19,000 people fleeing the Taliban.
That incident, one of the largest in recent government history, was only fully revealed last month when the High Court lifted a gagging order.
The UK’s Information Commissioner’s Office (ICO) previously described the 2022 breach as a “one-off occurrence” caused by a failure to follow routine checks, rather than evidence of systemic failings.
Worrying Pattern
Lawyers representing Afghans caught up in the breaches argue the newly disclosed figures, released to the BBC under the Freedom of Information Act, suggest a more worrying pattern. They said the scale of incidents raises concerns over a culture of lax data security within the resettlement scheme.
While the MoD has declined to provide details of the individual cases, some previously acknowledged breaches involved officials mistakenly disclosing applicants’ email addresses or personal information to unintended recipients. Campaigners have warned that any mishandling of sensitive data could put Afghans and their families at risk, given the threat they face from the Taliban.
An MoD spokesperson told BBC News: "We take data security extremely seriously and are committed to ensuring that any incidents are dealt with properly, and that we follow our legal duties.
"All incidents that meet the threshold under UK data protection laws are referred to the Information Commissioner's Office, and any lesser incidents are examined internally to ensure lessons are learned."
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
