British Ministry of Defence exposes MI6 Agents and Afghan allies
Take action: Yes, a government can fuck up with data protection just as easily as a private organization. But the shocking part is that a government can make a court order to hide that they have fucked up, while leaving the individuals at risk. This is a perfect example of "do as I say, don't do as I do".
Learn More
The British Ministry of Defence has caused a data breach when a defence official accidentally leaked sensitive personal information belonging to nearly 19,000 Afghans and over 100 British intelligence and special forces personnel.
The data breach was caused by an email error in February 2022 but remained hidden from the public for nearly two years under an unprecedented court-imposed "superinjunction". This prevented media reporting of the incident and kept Parliament in the dark for nearly two years.
A defence official at UK Special Forces headquarters mistakenly emailed a spreadsheet containing sensitive data outside of authorized government systems in February 2022. The official believed they were sending information on just 150 applicants, but the spreadsheet contained personal information associated with 18,714 Afghans who had applied to either the Ex Gratia or Afghan Relocations and Assistance Policy (ARAP) schemes. The data leak went unnoticed until August 2023, when excerpts of the spreadsheet were anonymously posted in a Facebook group.
The leaked files contained:
- Names and contact details of Afghan applicants and their family members
- Personal information of more than 100 British officials, including MI6 spies and Special Air Service (SAS) operatives
- Details of Members of Parliament and senior military officers who had endorsed Afghan relocation applications
- Family information and relatives' details of Afghan applicants
- Work-related contact information of British intelligence and special forces personnel
The breach affected approximately 18,714 Afghan applicants who had applied for relocation to the UK, along with their family members, bringing the total number of affected Afghans to approximately 33,000 people.
Between 80,000 and 100,000 people, including the estimated number of family members of the ARAP applicants, are indirectly affected by the breach and could be at risk of harassment, torture or death if the Taliban obtained their data. More than 100 British officials, including spies from MI6 and special forces personnel from units such as the SAS and Special Boat Service (SBS), had their personal details exposed.
The breach prompted the previous Conservative government to establish a secret resettlement scheme called the Afghanistan Response Route (ARR), which has cost approximately £400 million so far, with projected total costs of £850 million to £1.14 billion. The broader financial impact is estimated to reach £2 billion when including legal costs, compensation claims, and the full scope of the relocation programme.
Approximately 4,500 people, consisting of 900 Afghan applicants and approximately 3,600 family members, have been brought to the UK or are in transit under the secret Afghanistan Response Route. A further estimated 600 people and their relatives are expected to be relocated before the scheme closes, with a total of around 6,900 people expected to be relocated by the end of the scheme.
For members of the Secret Intelligence Service (MI6), having their names and details exposed in public is potentially career-ending. For serving and former members of the Special Air Service (SAS) and Special Boat Service (SBS), such leaks can expose them to the risk of threats to life.
Defence Secretary John Healey offered a "sincere apology" on behalf of the British government, stating "This serious data incident should never have happened. It may have occurred three years ago under the previous government, but to all whose data was compromised I offer a sincere apology."
