Latest news with #Inflite
Telegraph
2 days ago
- Telegraph
British troops and Afghans' passport details targeted in cyber attack
Thousands of UK troops, government officials and Afghans flying into a British airport have had their data breached following a cyber attack, according to the Ministry of Defence. An alert was sent to about 3,700 affected individuals on Friday, with some having had their data breached for the second time. Personal information including passport number, name, date of birth could have been targeted after emails containing flight information were hacked, according to The Times. Former Tory ministers have also been affected by the data breach. It happened after Inflite, a third-party subcontractor used by the Ministry of Defence, suffered a ransomware attack, it was reported on Friday. The MoD alert warned: 'There is a risk that some of your or your family's personal information may be affected. This may include passport details (including name, data of birth, and passport number) and Afghan Relocations and Assistance Policy (Arap) reference numbers.' It urged those emailed to 'please remain vigilant and be alert to unexpected communication or unusual activity'. 'Criminal gang could be behind attack' It is believed a criminal gang could be behind the attack that was revealed on Friday, but Iran and Russia have not been ruled out as being involved. Of the 3,700 individuals targeted, more than 100 British personnel have been affected, according to sources. Afghans who were rescued from the Taliban and travelled through London Stansted airport may also been targeted. There is no suggestion that information has been released publicly or on the dark web. A Government spokesman said: 'We were recently notified that a third-party subcontractor to a supplier experienced a cybersecurity incident involving unauthorised access to a small number of its emails that contained basic personal information. 'We take data security extremely seriously, and are going above and beyond our legal duties in informing all potentially affected individuals. The incident has not posed any threat to individuals' safety, nor compromised any Government systems.' On Aug 10, a statement published to Inflite The Jet Centre's website said the breach involved data from January and March 2024. Inflite, which offers ground-handling services for flights to the airport through Inflite The Jet Centre, is used by the UK to support Afghans travelling for refuge to the UK and also is operating flights for the Cabinet Office. It comes after, in February 2022, the details of almost 25,000 Afghans – including 18,800 soldiers – who had applied for the Afghan Relocations and Assistance Policy were released 'in error' by a defence official. The then Tory government sought, and was granted, a super injunction to keep the breach a secret as it established a covert relocation scheme to bring the affected Afghan soldiers and their family members to the UK, amid fears they could be targeted by the Taliban.
Yahoo
2 days ago
- Politics
- Yahoo
Thousands more Afghans affected by second data breach, ministers say
Thousands more Afghan nationals may have been affected by another data breach, the government has said. Up to 3,700 Afghans brought to the UK between January and March 2024 have potentially been impacted as names, passport details and information from the Afghan Relocations and Assistance Policy has been compromised again, this time by a breach on a third party supplier used by the Ministry of Defence (MoD). This was not an attack directly on the government but a cyber security incident on a sub-contractor named Inflite - The Jet Centre - an MoD supplier that provides ground handling services for flights at London Stansted Airport. The flights were used to bring Afghans to the UK, travel to routine military exercises, and official engagements. It was also used to fly British troops and government officials. Those involved were informed of it on Friday afternoon by the MoD, marking the second time information about Afghan nationals relocated to the UK has been compromised. It is understood former Tory ministers are also affected by the hack. Earlier this year, it emerged that almost 7,000 Afghan nationals would have to be relocated to the UK following a massive data breach by the British military that successive governments tried to keep secret with a super-injunction. Defence Secretary John Healey offered a "sincere apology" for the first data breach in a statement to the House of Commons, saying he was "deeply concerned about the lack of transparency" around the data breach, adding: "No government wishes to withhold information from the British public, from parliamentarians or the press in this manner." The previous Conservative government set up a secret scheme in 2023 to relocate Afghan nationals impacted by the data breach, but who were not eligible for an existing programme to relocate and help people who had worked for the British government in Afghanistan. The mistake exposed personal details of close to 20,000 individuals, endangering them and their families, with as many as 100,000 people impacted in total. Read more on Sky News:Data breach victims sent spam emailsAfghan data leak timelineMoD urged to reveal details of nuclear incident A government spokesperson said of Friday's latest breach: "We were recently notified that a third party sub-contractor to a supplier experienced a cyber security incident involving unauthorised access to a small number of its emails that contained basic personal information. "We take data security extremely seriously and are going above and beyond our legal duties in informing all potentially affected individuals. The incident has not posed any threat to individuals' safety, nor compromised any government systems." In a statement, Inflite - The Jet Centre confirmed the "data security incident" involving "unauthorised access to a limited number of company emails". "We have reported the incident to the Information Commissioner's Office and have been actively working with the relevant UK cyber authorities, including the National Crime Agency and the National Cyber Security Centre, to support our investigation and response," it said. "We believe the scope of the incident was limited to email accounts only, however, as a precautionary measure, we have contacted our key stakeholders whose data may have been affected during the period of January to March 2024."
Sky News
2 days ago
- Politics
- Sky News
Thousands more Afghans affected by second data breach, ministers say
Thousands more Afghan nationals may have been affected by another data breach, the government has said. Up to 3,700 Afghans brought to the UK between January and March 2024 have potentially been impacted as names, passport details and information from the Afghan Relocations and Assistance Policy has been compromised again, this time by a breach on a third party supplier used by the Ministry of Defence (MoD). This was not an attack directly on the government but a cyber security incident on a sub-contractor named Inflite - The Jet Centre - an MoD supplier that provides ground handling services for flights at London Stansted Airport. 2:34 The flights were used to bring Afghans to the UK, travel to routine military exercises, and official engagements. It was also used to fly British troops and government officials. Those involved were informed of it on Friday afternoon by the MoD, marking the second time information about Afghan nationals relocated to the UK has been compromised. It is understood former Tory ministers are also affected by the hack. Earlier this year, it emerged that almost 7,000 Afghan nationals would have to be relocated to the UK following a massive data breach by the British military that successive governments tried to keep secret with a super-injunction. Defence Secretary John Healey offered a "sincere apology" for the first data breach in a statement to the House of Commons, saying he was "deeply concerned about the lack of transparency" around the data breach, adding: "No government wishes to withhold information from the British public, from parliamentarians or the press in this manner." 2:57 The previous Conservative government set up a secret scheme in 2023 to relocate Afghan nationals impacted by the data breach, but who were not eligible for an existing programme to relocate and help people who had worked for the British government in Afghanistan. The mistake exposed personal details of close to 20,000 individuals, endangering them and their families, with as many as 100,000 people impacted in total. A government spokesperson said of Friday's latest breach: "We were recently notified that a third party sub-contractor to a supplier experienced a cyber security incident involving unauthorised access to a small number of its emails that contained basic personal information. "We take data security extremely seriously and are going above and beyond our legal duties in informing all potentially affected individuals. The incident has not posed any threat to individuals' safety, nor compromised any government systems." In a statement, Inflite - The Jet Centre confirmed the "data security incident" involving "unauthorised access to a limited number of company emails". "We have reported the incident to the Information Commissioner's Office and have been actively working with the relevant UK cyber authorities, including the National Crime Agency and the National Cyber Security Centre, to support our investigation and response," it said. "We believe the scope of the incident was limited to email accounts only, however, as a precautionary measure, we have contacted our key stakeholders whose data may have been affected during the period of January to March 2024."
Times
2 days ago
- Times
UK troops and Afghans' passport details lost by MoD in data breach
Thousands of British troops, government officials and Afghans flying into a UK airport have had their data breached — in some cases possibly for the second time — after a cyberattack, the Ministry of Defence has warned. An alert was sent to about 3,700 affected individuals on Friday telling them their personal information, including their name, date of birth and passport number, may have been lost after emails containing flight information were hacked. This happened after Inflite, a third-party subcontractor used by the Ministry of Defence, suffered a ransomware attack, thought to have been carried out by criminal gangs. It is unclear if a state actor such as Iran or Russia has been ruled out. • Afghan on leaked list is blocked from UK in 'callous' reversal About 3,700 individuals are believed to have been potentially affected, including more than 100 British personnel, sources said. The rest were Afghans being rescued from the Taliban. The data covered the period between January and March 2024, when hundreds of Afghans are likely to have been flown to the UK. The attack, which happened recently, related specifically to those flying into London Stansted airport. The flights were used for bringing Afghans to the UK, travel to routine military exercises and official engagements. Inflite — through its subsidiary Inflite the Jet Centre — provides ground-handling services for flights to the airport, which is often used by the UK to bring in Afghans seeking sanctuary in also handles flights for the Cabinet Office. The MoD alert warned: 'There is a risk that some of your or your family's personal information may be affected. This may include passport details (including name, data of birth, and passport number) and Afghan Relocations and Assistance Policy (Arap) reference numbers.' It warned those emailed 'please remain vigilant and be alert to unexpected communication or unusual activity'. The email has been sent to those who travelled during the period. It explained that certain information was required by the contractor to enable flights to depart and arrive. MoD sources said there was currently no evidence to suggest that any data had been released publicly or on the dark web. The MoD is already under scrutiny over the Afghan superinjunction — the longest-ever to be sought by a government — which prevented parliamentary and public scrutiny of the leak of a spreadsheet detailing the names, telephone numbers and emails addresses of Afghans seeking relocation to Britain. • How to educate 2,800 Afghan girls without the Taliban finding out Officials insisted the information should stay secret for almost two years, arguing that as many as 100,000 Afghans were at risk of Taliban retribution including death and torture. However, it suddenly dropped its case, and the superinjunction was discharged last month, after an independent review found it was 'highly unlikely' Afghans on the leaked spreadsheet were at risk. Ministers then U-turned on plans to bring 42,500 of those affected to Britain, reducing the number to 24,000 Afghans, including family members, because they were either here or had already been invited. Details of the new breach emerged as a Freedom of Information request revealed the legal bill for the Afghan superinjunction was almost £2.5 million. Adnan Malik at Barings Law, representing 1,400 Afghans affected by previous the Afghan data leak, said: 'This is public money they used to cover their own backs. Barings Law will continue to pursue justice for all of those affected, and stop the deceit on behalf of the MoD.' Professor Sara de Jong of the Sulha Alliance, which campaigns for Afghans who worked beside UK forces during the 20 years of conflict, said: 'It's extraordinary that Afghans at risk are affected by yet another data security incident involving the Ministry of Defence. This will even further erode the trust of Afghans, who supported British military goals and who thought they could rely on protection in return, in UK institutions. 'Afghans who are now affected by several data leaks will also be left wondering why the Ministry of Defence's communication and advice is different each time, with the limited security advice and guidance, given very little reassurance.' Rafi Hottak, a former interpreter who was blown up on the front line and now campaigns for his ex-colleagues, said: 'How can it be that we've now had three separate data leaks involving one of the most vulnerable group of people? I am truly worried about how badly the UK MoD has mishandled the personal data of Afghan allies. Once again, they have failed to protect those who stood shoulder to shoulder with them in the fight against terrorism.' A government spokesperson said: 'We were recently notified that a third-party subcontractor to a supplier experienced a cybersecurity incident involving unauthorised access to a small number of its emails that contained basic personal information. 'We take data security extremely seriously and are going above and beyond our legal duties in informing all potentially affected individuals. 'The incident has not posed any threat to individuals' safety, nor compromised any government systems.'
