Scale of MoD Afghan information breaches widens dramatically

The Ministry of Defence (MoD) has admitted there have been greater than 12 instances as many information breaches linked to its Afghan Relocations and Help Coverage (Arap) programme than beforehand thought.

Till now, a complete of 4 breaches have been identified to have hit Arap, a scheme established again in April 2021 to carry Afghan residents vulnerable to Taliban persecution to security within the UK. Nonetheless, in keeping with Freedom of Info (FoI) figures launched to the BBC, the true quantity is definitely 49.

In accordance with the BBC, the MoD declined to touch upon the exact nature of any of the opposite breaches.

Two of the identified breaches relate to failings round e-mail safety hygiene and collectively affected about 300 people. The extra vital of the 2 resulted within the imposition of a £350,000 nice on the MoD by the Info Commissioner’s Workplace (ICO) – a transfer thought-about out-of-step with the regulator’s traditional coverage of not fining authorities our bodies concerned in incidents.

Then, in July 2025, much more critical information safety failings on the MoD emerged when it was revealed that the information of just about 19,000 asylum seekers had been launched in error by a staffer. This solely got here out after the lifting of a superinjunction stopping the media from reporting on the information breach.

Earlier in August, it was additionally revealed {that a} third-party companies supplier working with the MoD at Stansted Airport suffered a cyber assault that compromised the information of three,700 folks together with some related to Arap.

Talking to the BBC, Barings Regulation head of information safety Adnan Malik – whose agency is already representing over 1,000 Afghan claimants who had their information leaked in prior breaches, described how an apparently remoted incident was now rising right into a collection of “catastrophic failings”.

Malik referred to as for the MoD to be absolutely clear going ahead, saying victims shouldn’t be discovering out the reality from attorneys or journalists.

ESET international cyber safety advisor Jake Moore mentioned that basically, human error remains to be a weak level in information safety, with a terrific many breaches attributable to wrongly-sent emails or missed safety checks.

“However when the information consists of extremely delicate info, the menace stage dramatically will increase,” mentioned Moore. “Delicate information ought to at all times require stricter safety by way of encryption and further human checks, particularly when lives are in danger. 

“Repeated incidents not solely rub salt into the wound however present systemic weaknesses which means safety must be improved in organisational tradition. Confidence in safety can simply be misplaced and on this case the leaks threatened not solely privateness however folks’s security,” he added.

The MoD informed the BBC it took information safety “extraordinarily critically” and that the division was dedicated to creating certain incidents have been handled in accordance with the regulation, together with referral to the ICO if an incident meets the related thresholds.