"Data Breach Exposes Personal Information of Thousands of Afghans Resettled in the UK"

Thousands of Afghans brought to safety in the UK are facing a serious breach of privacy after a Ministry of Defence (MoD) sub-contractor suffered a cyber-security incident. Up to 3,700 individuals may have had their personal data compromised, including names, passport information, and details related to the Afghan Relocations and Assistance Policy (Arap).

The breach occurred at Inflite The Jet Centre, which provides ground-handling services for flights at London Stansted Airport. This incident follows a previous major data breach in 2022 that exposed the details of nearly 19,000 individuals seeking refuge in the UK from the Taliban.

The government has stated that the incident "has not posed any threat to individuals' safety, nor compromised any government systems," and there is currently no evidence to suggest that any data has been publicly released. The Afghans affected are believed to have arrived in the UK between January and March 2024 under a resettlement scheme for those who assisted British troops.

An email from the Afghan resettlement team warned families that their personal information may have been exposed, including passport details and Arap reference numbers. The breach also affects British military personnel and former Conservative government ministers, according to the BBC.

A government spokesperson confirmed that they were notified of the cyber-security incident involving unauthorized access to a limited number of emails containing basic personal information. "We take data security extremely seriously and are going above and beyond our legal duties in informing all potentially affected individuals," the spokesperson stated.

Inflite The Jet Centre has reported the incident to the Information Commissioner's Office (ICO), which has confirmed receipt of the report. Professor Sara de Jong from the Sulha Alliance, a charity supporting Afghans who worked for the British Army, described the breach as "astonishing." She emphasized that the last thing Afghans who risked their lives for British forces need is additional anxiety about their safety.

The incident follows a previous breach in February 2022, where personal data of nearly 19,000 Afghans applying to relocate to the UK was mistakenly leaked by a British official. This leak led to thousands of Afghans being secretly relocated to the UK, as the leaked spreadsheet contained names, contact details, and family information of individuals at risk from the Taliban.

In a related case, the son of a member of the Afghan "Triples" elite special forces, who worked alongside the British Army, spoke to the BBC about his family's plight. They had applied to the Arap scheme shortly after the Taliban regained power in August 2021 and were waiting for a decision while in Pakistan. The family faced imminent deportation back to Afghanistan after local authorities raided their hotel.

"Please help my family and avoid their murder by the Taliban," the son pleaded with the British government. Following the interview, it was reported that the man had been deported back to Afghanistan.

In response to the deportation, the MoD stated that it was "honouring commitments" to all eligible individuals who pass the necessary checks for relocation. "As the public would rightly expect, anyone coming to the UK must pass strict security and entry checks before being able to relocate," the statement read.

Sir Mark Lyall Grant, a former UK national security adviser, described both data breaches as "deeply embarrassing" for the British government. He emphasized the need for the government to honor its commitments to protect those at risk of persecution by the Taliban.

Kwasi Kwarteng, former Conservative Chancellor, called the data breaches "very serious" and "really concerning" for individuals facing deportation. Helen Maguire, Liberal Democrat Defence Spokesperson, accused the government of "staggering incompetence and clearly inadequate security standards," demanding an "immediate, fully independent investigation" into the breaches.