MoD admits a third data breach of email addresses of vulnerable Afghans left behind in Afghanistan
In a written statement to Parliament dated 15th November 2021, Ben Wallace, Secretary of State for Defence, admitted that the Ministry of Defence (MoD) suffered a third data breach on 7th September 2021 affecting 13 email addresses of vulnerable Afghans.
Posted on 23 November 2021
As with the two other data breaches, the email came from the Afghan Relocations and Assistance Policy (ARAP) team at the MoD and was sent to Afghan interpreters who remained stranded in Afghanistan after UK troops pulled out.
Unfortunately, and as with the other data breaches, it was mistakenly sent as a group email so that each recipient could also view the email addresses, as well as people's names.
In total, this means that 13 email addresses of vulnerable Afghans were compromised in a group email sent on 7thSeptember 2021, 55 email addresses were compromised in a second group email sent on 13th September 2021 and 245 email addresses were compromised in a third group email on 20th September 2021.
In his statement, which followed the MoD’s internal investigation of the data breaches, Mr Wallace described the data breaches as being “unacceptable and fell short of the high standards to which the MOD typically holds itself” as well as being “a breach of the trust many former Afghan staff have placed in us to honour our commitment and do all that we can to keep them safe.“
The statement confirmed that the MoD’s internal investigation had not revealed an increased threat to those affected or identified anyone who had come to harm as a result of these breaches. It also identified the remedial actions that the MoD had taken following the data breach including new data handling procedures, further training, improved record keeping and information management, checking of external emails before being sent and group emails needing to be authorised at a senior level.
Overall, Mr Wallace confirmed that, at the time that the UK troops pulled out, there were 311 ARAP-eligible Afghans who were called forward with their families during the evacuation operation, but unable to board flights. Mr Wallace stated that there were now fewer than 200 ARAP-eligible Afghans remaining in Afghanistan but that the MoD was continuing to work with urgency to relocate those remaining via a range of routes.
Sean Humber, a specialist data breach lawyer at Leigh Day who is acting for a number of those affected by the data breaches, stated:
“News of yet another data breach by the MoD of sensitive personal information of Afghan interpreters who have assisted British forces is worrying. This reinforces the need for a thorough independent review of the MoD’s entire data processing policies and practices in order to try and stop these errors from recurring.
“In light of reports that this information is now widely available on social media as well as media reports of Taliban reprisals against Afghan nationals formerly employed by Coalition Forces, the Government must redouble its efforts to relocate those affected and their families who currently remain trapped in Afghanistan to the UK. Our clients consider that the data breach has increased the risks they and their families face and has made an already desperate situation even worse.
“There seems to be no adequate explanation as to why the basic security measures only recently introduced by the Ministry of Defence were not in place at the time of these data breaches. Those affected are likely to have claims for compensation against the Government for the unauthorised release of their personal data and the problems that this has caused.”
Anybody affected by this data breach who wishes to discuss the matter on a confidential basis, without any obligation, should contact Sean Humber on 00 44 20 7650 1200 or by emailing email@example.com.
Sean is an experienced human rights lawyer and privacy breach compensation claims specialist
Lawyer for victims of Afghan data breach calls for independent audit of MoD data policies
A leading data breach lawyer is calling for an independent audit of the Ministry of Defence’s data handling policies and practices following further data breaches of sensitive personal data of Afghans seeking to relocate to the UK.
“Unacceptable” MoD data breach increases risk to safety of Afghan interpreters
The Ministry of Defence (MoD) has apologised for a data breach that revealed the email addresses and other personal details of more than 250 Afghan interpreters who worked for British forces and are seeking relocation to the UK.