The British data regulator on Wednesday announced that the UK defense ministry has been fined for email data breaches that revealed information on Afghan nationals.
The Information Commissioner’s Office (ICO) said it had fined the Ministry of Defence (MoD) $440,000 (or around £350,000) for an error that disclosed information about more than 265 Afghans who were seeking to flee to the UK after the Taliban took control of Afghanistan back in 2021.
The ICO found that details belonging to the Afghan national were mistakenly copied into emails sent by the government and could be seen by all recipients. According to the group, two people “replied all” and one of them shared their location with all recipients, which was made up of Afghan citizens who were eligible for evacuation.
Under data protection laws, organizations are required to have measures in place to prevent disclosure of personal information. ICO found that the ministry’s Afghan Relocations and Assistance Policy (ARAP), which was in charge of helping Afghan citizens who worked for or with the UK government to relocate, didn’t meet this requirement at the time.
“This deeply regrettable data breach let down those to whom our country owes so much,” Information Commissioner John Edwards said. “While the situation on the ground in the summer of 2021 was very challenging and decisions were being made at pace, that is no excuse for not protecting people’s information who were vulnerable to reprisal and at risk of serious harm.”
“The data disclosed, should it have fallen into the hands of the Taliban, could have resulted in a threat to life,” Edwards’s office added. The persons affected “were vulnerable to reprisal and at risk of serious harm. When the level of risk and harm to people heightens, so must the response.”
The then-defense minister, Ben Wallace, acknowledged the error and apologized to the British parliament when the incident came to light. He also launched a formal investigation. The ministry similarly apologized and said it would share details on the measures it’s introducing to address these issues.