Add thelocalreport.in As A Trusted Source
A Ministry of Defence An officer left his laptop open on another train and revealed confidential information. Afghan data breach, Independent may disclose, as new documents expose series of government mistakes who has put private data In the wrong hands.
Records show that an officially sensitive personal email relating to Afghans seeking protection in Britain was accidentally sent in August 2023 to the Civil Service Sports and Social Club – a group for all civil service and public sector employees, which has 140,000 members.
New details come after a Disastrous MoD data breach This could potentially put thousands of Afghans helping British forces at risk from the Taliban. The major breach, which was discovered in August 2023 and led to the secret transfer of thousands of Afghans to Britain, came to light earlier this year when Independent And other media organizations struggled Remove an unprecedented gagging order which was imposed to hide it,
The incidents are among 49 data breaches within the unit handling applications from Afghans seeking to flee the Taliban and come to the UK over the past four years – including emails sent to the wrong people, insecure systems used and information accessed by the wrong staff.
In May 2024, a decision letter regarding a personal data incident was sent to the wrong person, while in June 2023, a so-called warm welcome letter, usually Afghan When the families arrived safely in the UK, they were sent to the wrong email address.
Other examples include emails sent to the wrong people, as well as an email sent from a personal email address to an applicant on the Afghan Rehabilitation and Assistance Program (ARAP) resettlement scheme when the sender was logged out. There was also an incident of wrongly downloading highly classified material and a case of officials wrongly accessing personal medical information.
In September 2023, there were also five instances of people using WhatsApp to share unsecured personal data. In February of the same year, the Defense Ministry also recorded inadvertent access to a flight manifest document. MoD chartered flights are often used to bring Afghans safely to Britain.
Details of the data breaches have been revealed in a letter sent by Ministry of Defence (MOD) to the Public Accounts Committee this month.
David Williams, the department’s top civil servant, detailed in a letter to MPs how personal data of Afghan applicants for the MoD’s resettlement scheme was sent to the wrong people and accessed by the wrong staff.
He acknowledged that the February 2022 breach, in which a member of Defense Ministry personnel mistakenly emailed a spreadsheet with 33,000 lines of data, was “made possible by the lack of appropriate systems to prevent or mitigate the error”. Mr Williams admitted the Ministry of Defense did not have secure casework or contact management systems in place.
Arap scheme was established in April 2021 After the Taliban takeover, to help those who feared their lives were in danger because they had worked with the British in Afghanistan. This scheme was discontinued in July.
The plan has been dogged by revelations of poor data security, potentially putting the lives of Afghan allies at risk of retaliation.
According to the Defense Ministry’s own records, the unit handling the transfer has had five of the 49 separate data breaches over the past four years. Applications from Afghans seeking asylum in Britain They were so serious that the data watchdog was reported to the Information Commissioner’s Office (ico,
Data incidents escalated to watchdog ico This included the February 2022 spreadsheet breach, a series of incidents where people had their details shared via email with blind carbon copy recipients due to the failure, and a breach relating to Microsoft Forms links.
In case of “blind copy” violations, ico MoD fined £350,000 for revealing personal information of people seeking transfer to the UK. In one incident, information of 265 people was inadvertently exposed. In response to the 2022 spreadsheet breach, which involved data on 18,700 applicants to the Arap scheme, the ICO decided not to launch a formal investigation, saying that doing so would divert resources from other priorities.
Dame Chi Onwurah, chair of the Science, Innovation and Technology Committee, said: “Last week, My committee heard from the Information Commissioner About the data security implications of the Afghan data breach. It is disappointing to hear that the ICO and successive administrations could have done more to ensure that government data practices are of a high enough standard to prevent repeat data breaches.
“This misuse of sensitive information is particularly worrying when we consider the digital security risks posed by the government’s plans for digital IDs.”
The MoD records the number of data incidents referred to the regulatory ICO each year in its annual report, including the number of people affected by these breaches. It decides whether to refer an incident to the ICO based on the estimated level of damage caused by each incident.
The Defense Ministry has declined to comment.