UK Defense Ministry Fined For Afghan Data Breach

Penka Hristovska Senior Editor

The British data regulator on Wednesday announced that the UK defense ministry has been fined for email data breaches that revealed information on Afghan nationals.

The Information Commissioner’s Office (ICO) said it had fined the Ministry of Defence (MoD) $440,000 (or around £350,000) for an error that disclosed information about more than 265 Afghans who were seeking to flee to the UK after the Taliban took control of Afghanistan back in 2021.

The ICO found that details belonging to the Afghan nationals were mistakenly copied into emails sent by the government and could be seen by all recipients. According to the regulator, two people “replied all” and one of them shared their location with all recipients, who were Afghan citizens eligible for evacuation.

Under data protection laws, organizations are required to have measures in place to prevent disclosure of personal information. The ICO found that the ministry’s Afghan Relocations and Assistance Policy (ARAP), which was in charge of helping Afghan citizens who worked for or with the UK government to relocate, didn’t meet this requirement at the time.

“This deeply regrettable data breach let down those to whom our country owes so much,” Information Commissioner John Edwards said. “While the situation on the ground in the summer of 2021 was very challenging and decisions were being made at pace, that is no excuse for not protecting people’s information who were vulnerable to reprisal and at risk of serious harm.”

“The data disclosed, should it have fallen into the hands of the Taliban, could have resulted in a threat to life,” Edwards’s office added. The persons affected “were vulnerable to reprisal and at risk of serious harm. When the level of risk and harm to people heightens, so must the response.”

The then-defense minister, Ben Wallace, acknowledged the error and apologized to the British parliament when the incident came to light. He also launched a formal investigation. The ministry similarly apologized and said it would share details on the measures it’s introducing to address these issues.

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.