Ministry of Defence Faces Scrutiny After Afghan Data Breach Left Thousands Exposed

DOWNLOAD IPFS

A major security lapse at the United Kingdom’s Ministry of Defence (MoD) resulted in the leak of sensitive personal data affecting up to 100,000 Afghans and more than 100 British personnel, including Special Air Service (SAS) operatives and Secret Intelligence Service (MI6) officers. A rare “super-injunction” concealed the incident for nearly two years, prompting growing calls from Members of Parliament (MPs) and peers for accountability and transparency.

In February 2022, a spreadsheet listing some 18,700 Afghan applicants under the Afghan Relocations and Assistance Policy (ARAP), along with their families and UK sponsors, including MPs, military figures, SAS operatives, and MI6 staff, was inadvertently exposed. The MoD later secured a super-injunction to suppress public knowledge of the breach, including disclosure to the Parliamentary Intelligence and Security Committee (ISC). Critics argue this level of secrecy prevented proper scrutiny and undermined public trust.

The breach reportedly placed thousands of Afghans at risk of Taliban reprisal. In response, Operation Rubific and the Afghanistan Response Route (ARR) evacuated approximately 24,000 people to the UK at an estimated cost of between £5.5 billion and £7 billion. While MoD officials claim the risk has since diminished, citing an independent review by Paul Rimmer which concluded that Taliban targeting is now “highly unlikely”, legal experts and campaigners remain sceptical, particularly over delayed compensation and the use of gagging orders.

Lord Beamish, chair of the ISC, described the withholding of intelligence assessments as “appalling” and demanded that the committee be granted access to all relevant documentation. He emphasised that the ISC has a statutory right to review such material and warned that the MoD’s actions set a dangerous precedent for unaccountable governance.

Further revelations show this breach is part of a broader pattern. MoD records indicate 569 data security incidents in the 2023–24 period alone, including lost devices and a cyber intrusion that compromised personal information for 272,000 staff members. The Information Commissioner’s Office imposed a £350,000 fine on the MoD in connection with an email breach involving ARAP applicants.

From a centre-right perspective, the episode underscores the urgent need for stronger internal controls, clearer oversight mechanisms, and a reaffirmation of the MoD’s responsibility to protect those who supported UK operations abroad. As Parliament prepares to summon defence officials this autumn, the central issue remains how will the government restore confidence in its handling of both national security and human lives.