“Unacceptable” MoD data breach increases risk to safety of Afghan interpreters
The Ministry of Defence (MoD) has apologised for a data breach that revealed the email addresses and other personal details of more than 250 Afghan interpreters who worked for British forces and are seeking relocation to the UK.
Posted on 21 September 2021
The email, which came from the Afghan Relocations and Assistance Policy (ARAP) team at the MoD, was sent to Afghan interpreters who remain stranded in Afghanistan after UK troops pulled out. It advised them that ARAP was doing everything possible to get them to safety and not to risk leaving their current location if it was not safe.
Unfortunately, it was mistakenly sent as a group email to over 250 recipients so that each recipient could also view the email addresses, as well as people's names and some associated profile pictures, of all of the other recipients. Upon realising their error, the MoD then sent another email 30 minutes later asking the recipients to delete the previous email and warning "your email address may have been compromised" and that the recipients should change their email addresses.
The MoD has now apologised for the error, with Ben Wallace, the Defence Secretary, admitting that the breach was “unacceptable”, and stating that it was offering advice to those affected on how to manage the potential risks.
Sean Humber, a specialist data breach lawyer at Leigh Day, stated:
“It is hard to think of a more serious data breach given the risks posed to the lives of those identified in the email. We have already been approached by a number of those affected expressing concern that this makes an already extremely difficult situation even worse. The Government must recognise this and redouble its efforts to urgently relocate those affected and their families to the UK.
“In due course, those affected are likely to be able to bring substantial claims for compensation against the Government for the unauthorised release of their personal data and the problems that it has caused.”
Gene Matthews, a specialist data breach lawyer at Leigh Day, added:
“Sadly, this is not the first time that the MoD has mistakenly disclosed sensitive personal information that has placed individuals at risk. There now needs to be a thorough independent review of the MoD’s data processing policies and practices in order to try and stop these errors from happening again.”
Anybody affected by this data breach who wishes to discuss the matter on a confidential basis, without obligation, should contact Sean Humber on 00 44 20 7650 1200 or by emailing firstname.lastname@example.org .
Sean is an experienced human rights lawyer and privacy breach compensation claims specialist
Gene specialises in consumer law, product liability and data protection claims mainly brought as group claims/ multi-party actions