a day ago
Hackers capture personal data of former Tory ministers, British troops and thousands of Afghans allies in latest Ministry of Defence blunder
Personal data of former Tory ministers, British troops and thousands of Afghans has been lost in another embarrassing blunder for the Ministry of Defence.
Defence officials sent a warning on Friday to 3,700 affected individuals warning their personal details, including their name, date of birth and passport number, had been hacked.
It comes exactly a month after it was revealed the MoD had been running secrets flights to Britain, bringing in thousands of Afghans after a data blunder put 100,000 of them 'at risk of death' from the Taliban.
The latest leak concerns many of the same people and is the third involving the personal data of former frontline Afghans since 2021.
Former special forces interpreter Rafi Hottak, who was seriously injured in Afghanistan, said: 'How can it be that we've now had three separate data leaks involving one of the most vulnerable groups of people.
'I am truly worried about how badly the UK MOD has mishandled the personal data of Afghan allies.
'Once again, they have failed to protect those who stood shoulder to shoulder with them.'
The personal details of former Conservative government ministers are also understood to have been compromised.
Former special forces interpreter Rafi Hottak, who was seriously injured in Afghanistan , said: 'How can it be that we've now had three separate data leaks involving one of the most vulnerable groups of people'
Such is the sensitivity of the leak that both the National Crime Agency and the National Cyber Security Centre are involved in the investigation.
It follows a cyber attack on a third-party sub-contractor used by the MoD for flights into Stansted – the airport that brings Afghans to the UK.
They have been flown over in a secret operation following a major data leak, which was uncovered in 2023 and then remained secret for almost two years after an unprecedented government super-injunction.
It is believed that some of the Afghans whose data was leaked in that first blunder have now been impacted a second time.
A subcontractor called Inflite The Jet Centre which provides ground handling services for flights to the airport was compromised. It also handles flights for the Cabinet Office.
The data covered the period from January to March last year, when hundreds of Afghans, relocated after risking their lives to help British troops, were flown to the UK.
The hack, which happened recently, related only to those flying into Stansted Airport. Investigations are underway into the cyber attack and ransomware demands, said the MoD.
The flights were used for bringing Afghans to the UK, as well as travel to routine military exercises and official engagements.
The database at the heart of the super-injunction scandal, seen by the Daily Mail, contains details of more than 100 Britons including senior military officers and government officials
The MoD alert warned: 'Please remain vigilant and be alert to unexpected communication or unusual activity.'
The email has been sent to those who travelled during the period. It explained that certain information was required by the contractor to enable flights to depart and arrive.
It is understood the hack primarily concerned Afghans being brought here, although 100 UK personnel were also affected.
MoD sources said there was currently no evidence to suggest that any data has been released publicly or on the dark web. Investigations are underway into the cyber attack and any possible ransomware demands.
Tens of thousands of Afghans who served alongside UK forces during the war have been rescued and brought to the UK.
Professor Sara de Jong of the Sula Alliance, which campaigns for Afghans who worked beside UK forces during the 20 years of conflict, said: 'It's extraordinary that Afghans at risk are affected by yet another data security incident involving the Ministry of Defence.
'This will even further erode the trust of Afghans, who supported British military goals and who thought they could rely on protection in return, in UK institutions.
'Afghans who are now affected by several data leaks will also be left wondering why the Ministry of Defence's communication and advice is different each time, with the limited security advice and guidance, given very little reassurance.'
In a statement, Inflite The Jet Centre Limited said it 'recently experienced a data security incident involving unauthorised access to a limited number of company emails.
'We have reported the incident to the Information Commissioner's Office (ICO) and have been actively working with the relevant UK cyber authorities to support our investigation and response.
'We believe the scope of the incident was limited to email accounts only, however, as a precautionary measure, we have contacted our key stakeholders whose data may have been affected during the period of January to March 2024.'
A government spokesman said: 'The incident has not posed any threat to individuals' safety, nor compromised any government systems.'
'We were recently notified that a third party sub-contractor to a supplier experienced a cyber security incident involving unauthorised access to a small number of its emails that contained basic personal information.
'We take data security extremely seriously and are going above and beyond our legal duties in informing all potentially affected individuals.'
The government super-injunction was imposed after a list of those looking to relocate to Britain from Afghanistan after the Taliban took back control was accidentally emailed out by a soldier.
When the Daily Mail uncovered the leak, it, followed by other media, was gagged.
