UK Ministry of Defence subcontractor breach exposes data of thousands of Afghan evacuees

Thousands of Afghans evacuated to Britain under a resettlement scheme have had their personal information exposed following a cyber incident involving a Ministry of Defence subcontractor.

The breach, confirmed Friday, involved up to 3,700 individuals who arrived in the United Kingdom between January and March 2024 under the Afghan Relocations and Assistance Policy, a program designed to protect Afghans who worked alongside British forces. The compromised details include names, passport information, dates of birth, and relocation reference numbers. Some British military personnel and former government ministers were also affected.

The incident originated at Inflite The Jet Centre, a ground-handling services provider at London Stansted Airport. The company reported that unauthorized access was limited to a small number of email accounts. It has notified the Information Commissioner’s Office, which is assessing the case.

The Ministry of Defence said the exposure has not compromised government systems or posed an immediate threat to individuals’ safety. A spokesperson stressed that officials are contacting all potentially affected parties and are “going above and beyond our legal duties” in handling the matter.

This is the second major data security lapse tied to Afghan resettlement. In 2022, a spreadsheet error at the MoD exposed the personal information of nearly 19,000 applicants, forcing emergency relocations for individuals at risk of Taliban reprisal. That breach only became public last year.

Advocates expressed alarm over the new incident. Professor Sara de Jong of the Sulha Alliance, a charity supporting Afghans who served with British forces, called it “astonishing,” warning that it heaps additional risks onto people who already sacrificed for the United Kingdom. She urged the government to accelerate pending relocation applications.

The revelations come as some Afghan families remain stranded abroad. BBC’s Newsnight reported the recent deportation of an Afghan special forces veteran back to Afghanistan, despite his family’s application under the relocation scheme. His son, who escaped Pakistani authorities, told the broadcaster his family would not survive if forced to return, citing the danger created by leaked personal data.

Government officials defended their procedures, noting that strict checks are required before any relocation to the UK. “In some cases people do not pass these checks,” the MoD said.

Security experts have described the repeated breaches as a blow to Britain’s credibility. Sir Mark Lyall Grant, a former UK national security adviser, said the episodes were “deeply embarrassing” and underscored the need to act quickly to safeguard vulnerable partners. Former Chancellor Kwasi Kwarteng labeled the exposures “very serious” and “really concerning,” while Liberal Democrat Defence Spokesperson Helen Maguire demanded an independent investigation into what she called “staggering incompetence.”