Despite clear internal warnings, sensitive information was leaked.
The Ministry of Defence was cautioned about the risks of sharing spreadsheets containing hidden tabs before a 2022 data breach exposed the details of nearly 19,000 Afghans who had applied to relocate to the UK.
Documents released by the Information Commissioner's Office reveal that despite clear internal warnings, sensitive information was leaked when an official mistakenly emailed a spreadsheet with concealed data, reports BBC News.
The incident, described by officials as "likely the most expensive email ever sent," is estimated to cost taxpayers around £850 million due to the emergency resettlement scheme that followed. While the ICO fined other bodies for smaller breaches, it decided against sanctioning the MoD, citing concerns about burdening taxpayers further.
Internal communications show some ICO staff questioned the lack of investigation, warning of reputational risks to the regulator. The ICO maintains it has pushed for stronger safeguards, but acknowledged the government has "not yet done enough" to address systemic data security shortcomings.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
