Latest news with #databreach
The Guardian
13 minutes ago
- Politics
- The Guardian
What are superinjunctions and why was one imposed in Afghan case?
A data breach that led the UK government to offer relocation to 15,000 Afghans in a secret scheme with a potential cost of more than £2bn escaped parliamentary and media scrutiny until Tuesday when a superinjunction was lifted more than 600 days after it had taken effect. Here, the Guardian explains the legal background to the controversy. A regular injunction is a court order that prevents certain details of a case from being made public. A superinjunction prohibits disclosure not only of the underlying information but also of the existence of the order itself. One of the earliest known superinjunctions was obtained by the oil-trading company Trafigura in 2009 to prevent the Guardian from reporting details of toxic waste dumping in Ivory Coast. They have also been used by celebrities such as the footballers John Terry and Ryan Giggs to try to stop reporting about their private lives. The Daily Mail said that after its reporter approached the Ministry of Defence (MoD) about the breach, the D-notice committee (formally the Defence and Security Media Advisory Committee) was activated, which advises the press on threats to national security. Compliance with the committee is not obligatory but the Mail said it agreed not to publish the story. It said the government applied for a binding court order after others became aware of the breach. Ben Wallace, who was defence secretary at the time, told the BBC's Today programme that when ministers went to the high court 'we applied for a four-month injunction, a normal injunction,' and that he did not know why it was converted into a superinjunction in September 2023. He said his priority 'was to protect those people who could have been or were exposed by this data leak'. Mr Justice Robin Knowles said in his 2023 judgment that he had gone further than what the MoD had requested. 'Although it was proposed that the order (not the hearing) should be in public and published on the court website, I have decided it should be in private and not published on the website, at least at this stage,' he said. After Paul Rimmer, a former civil servant, carried out a review for the MoD, Mr Justice Chamberlain ordered on 26 June that the injunction be lifted from noon on Tuesday 16 July because Rimmer's conclusions 'fundamentally undermine the evidential basis on which [the courts previously] relied in deciding that the superinjunction should be continued'. This time there was no appeal. In his review, Rimmer said: 'It appears unlikely that merely being on the dataset would be grounds for targeting. It is therefore also unlikely that family members – immediate or more distant – will be targeted simply because the 'principal' appears in the dataset. Should the Taliban wish to target individuals, the wealth of data inherited from the former government would already enable them to do so.' The aim was ostensibly to prevent risk to life, but in a judgment in May last year ordering that the superinjunction be lifted – which was subsequently overturned by the court of appeal – Chamberlain said: 'It is fundamentally objectionable for decisions that affect the lives and safety of thousands of human beings, and involve the commitment of billions of pounds of public money, to be taken in circumstances where they are completely insulated from public debate.' He said the superinjunction was likely to have an adverse effect on those not being relocated as they would not be able to react to any threat or benefit from public pressure on the government to do more for them. In last month's final judgment, Chamberlain said: 'The assessments in Mr Rimmer's report are very different from those on which the superinjunction was sought and granted. The change is in part due to the passage of time … It will be for others to consider whether lessons can be learned from the way the initial assessments in this case were prepared and whether the courts were, or are generally, right to accord such weight to assessments of this kind. Mark Stephens, a partner at Howard Kennedy and a trustee of Index on Censorship, said it might have been justified by the exceptional circumstances but added: 'The difficulty here is, I think you're only entitled to the superinjunction for as long as it is necessary, essentially to preserve life, and it's not clear that this didn't run on a bit longer.'
France 24
43 minutes ago
- Politics
- France 24
'Serious questions' over UK secret Afghan relocations: PM
Parliamentary Speaker Lindsay Hoyle said the affair raised significant constitutional issues" after it emerged that the previous government had obtained a court order banning media coverage and preventing any scrutiny by parliament. Thousands of Afghans who worked with the UK and their families have been brought to Britain under the programme following the leak. But the 2022 breach and the resettlement plan to protect those involved from potential repercussions only came to light on Tuesday after a court super-gag was lifted. Defence Minister John Healey told parliament a UK official had accidentally leaked a spreadsheet containing the names and details of almost 19,000 Afghans who had asked to be relocated to Britain. It happened in February 2022, just six months after Taliban fighters seized Kabul, he said. In parliament Wednesday, Starmer said his government supported the principle of fulfilling "our obligations to Afghans who served alongside British forces" in the post 9/11 conflict in the South Asian country. Healey had "set out the full extent of the failings that we inherited: a major data breach, a superinjunction, a secret route that has already cost hundreds of millions of pounds", he added. "Ministers who served under the party opposite have serious questions to answer about how this was ever allowed to happen," he said. Kept from parliament The nearly two-year-long court ban secured by the previous government prevented any media reporting of the leak. In addition, parliament was not briefed and there was no public knowledge of the resettlement plan and the costs involved. Speaker of Parliament Lindsay Hoyle, who is responsible for the proper administration of the House of Commons, also commented on the affair. "This episode raises significant constitutional issues. I have therefore asked the clerks to consider whether any lessons need to be learned from this case," he told lawmakers. Under the Conservatives the secret programme was put in place in April 2024 to help those "judged to be at the highest risk of reprisals by the Taliban", Healey said told parliament. Some 900 Afghans and 3,600 family members have now been brought to Britain or are in transit under the programme known as the Afghan Response Route, at a cost of around £400 million ($535 million). Applications from 600 more people have also been accepted, bringing the estimated total cost of the scheme to £850 million. They are among some 36,000 Afghans accepted by Britain under different schemes since the August 2021 fall of Kabul. 'No cover-up' Former defence minister Ben Wallace said he stood by his decision to seek secrecy from the court in August 2023 and rejected claims of a "cover-up". "I make no apology for applying to the court for an injunction at the time," he said. "If this leak was reported at the time, the existence of the list would put in peril those we needed to help," he told BBC radio. When Labour came to power in July 2024, the scheme was up and running but Healey said he had been "deeply uncomfortable to be constrained from reporting" it to parliament. He estimated the total cost of relocating people to Britain from Afghanistan under the various resettlement schemes at between £5.5 billion to £6 billion.
Yahoo
an hour ago
- Business
- Yahoo
UK retail giant Co-op confirms hackers stole all 6.5 million customer records
The chief executive of U.K. retail conglomerate the Co-op on Wednesday said that hackers had stolen the personal data of all of the company's customers during an April cyberattack. Co-op Group CEO Shirine Khoury-Haq told BBC News that the hackers copied the company's member list of 6.5 million members, but that the Co-op shut down its network before the hackers could lock up its systems with ransomware. The members' data includes names, addresses, and contact information. The retailer's network shutdown subsequently resulted in widespread internal disruption across its U.K. back offices and grocery stores. The breach at the Co-op in April was part of a broader hacking campaign targeting the U.K. retail sector, which also saw the theft of an unspecified amount of customer data from Marks & Spencer and an attempted cyberattack on Harrods. The cyberattacks were attributed to Scattered Spider, a collective of mostly young hackers that use deception tactics to trick companies' IT helpdesks into granting them access to their network. Earlier in July, U.K. authorities arrested four people for allegedly having links to the retail cyberattacks, including a 20-year-old woman, two men aged 19, and a youth aged 17. The four are accused of hacking, blackmail, and participating as a member of an organized crime group. Since the cyberattacks, the hackers reportedly moved on to target the airline and transportation industry, as well as insurance companies — sectors that store vast amounts of consumers' data. It's not known how much the breach at the Co-op will cost it. According to one retail industry news outlet, the Co-op did not have cybersecurity insurance at the time of the hack, which could result in the company incurring heavy financial costs. Sign in to access your portfolio
Sky News
an hour ago
- Politics
- Sky News
Guide to the Afghan data breach: Why scandal has erupted now and what happens next
The safety of tens of thousands of Afghan nationals has been compromised in a massive data breach by the British military that successive governments tried to keep secret. Details about the blunder were only made public on Tuesday, despite it having happened more than three years ago. The cost to the taxpayer could stretch to billions of pounds, as the government pays to relocate thousands of Afghan nationals named in the breach. Here we look at how the leak happened - and how it was covered up for so long - who has been affected, and how much it could cost. What was the data breach? An unnamed official accidentally shared emails with the names and other details of 18,714 Afghan nationals who were applying for a British government relocation scheme in 2022. Taking into account the family members of those named, it is thought up to 100,000 people could be impacted by the breach. The official sent the email in an attempt to verify information, believing the dataset only contained about 150 rows of information - when it actually contained around 33,000. The scheme was to provide asylum for people who had worked with the UK armed forces in the war against the Taliban between 2001 and 2021, who could be at risk of reprisals in Afghanistan. The Taliban, which took full control of Afghanistan in 2021, regards anyone who worked with British or other foreign forces during the previous two decades as a traitor. Why are we only learning about this now? The leak was first discovered by the British military in August 2023, when an anonymous Facebook user posted a small excerpt of the dataset. A super-injunction was imposed in September of that year after the government appealed to the High Court, meaning the media could not report the breach. The government said it made the move in an attempt to keep news of the leak from spreading to the Taliban. It is not clear whether the Taliban has the list - only that the Ministry of Defence (MoD) lost control of the information. Sir Keir Starmer's Labour government inherited the scheme and kept the super-injunction in place. But it was lifted on Tuesday, making the breach reportable for the first time. Defence Secretary John Healey told Matt Barbet on Sky News Breakfast he was " deeply uncomfortable" with the government using a super-injunction, but suggested Labour deemed it necessary to keep in place when they took power to assess "the risks" of making the breach public. 1:51 Why was the super-injunction lifted? A High Court judge's ruling that the injunction could be lifted was based on the findings of an internal review launched at the start of this year by Paul Rimmer, a retired civil servant. The review played down the risk to those whose data was breached should the list fall into the hands of the Taliban. The review said it was "unlikely to substantially change an individual's existing exposure given the volume of data already available". It also concluded that "it appears unlikely that merely being on the dataset would be grounds for targeting" and it is "therefore also unlikely that family members... will be targeted simply because the 'principal' appears... in the dataset". Mr Rimmer said the leak and the subsequent scheme to bring those at risk to the UK can now face "proper scrutiny and accountability". Timeline: How the super-injunction happened April 2021: Initial scheme to relocate Afghans who helped British military during war launched. February 2022: Defence official accidentally leaks emails with details of 18,714 Afghan nationals who applied to be relocated. 14 August 2023: The MoD discovers the leak after seeing details of the emails had been posted by a Facebook user. 25 August 2023: Then defence secretary Ben Wallace applies for a court order after the MoD gets two inquiries about the breach from journalists. 1 September 2023: High Court grants a super-injunction until a hearing scheduled for 1 December, preventing the reporting of the breach and relocation scheme. 23 November 2023: High Court judge Mr Justice Chamberlain gives private judgment saying super-injunction is "is likely to give rise to understandable suspicion that the court's processes are being used for the purposes of censorship". He continues it for four more weeks. 18 December 2023: MoD lawyers say risk to life due to the breach is "immensely serious". Mr Justice Chamberlain extends the super-injunction until February 2024. 15 February 2024: Mr Justice Chamberlain continues the super-injunction, finding a "real possibility that it is serving to protect" some of those identified on the dataset – but acknowledges decisions are being taken "without any opportunity for scrutiny through the media or in Parliament". 21 May 2024: Mr Justice Chamberlain rules super-injunction should be lifted in 21 days, saying there is a "significant possibility" the Taliban already know about the dataset and that it is "fundamentally objectionable" to keep it a secret. 25-26 June 2024: MoD challenges the decision in the Court of Appeal, which rules that the super-injunction should continue for the safety of those affected by the breach. 19 May 2025: The High Court is told by a Manchester-based law firm that it has more than 600 potential clients who may sue the government under data protection laws. 4 July 2025: After an independent review by retired civil servant Paul Rimmer, the government tells the High Court that the super-injunction "should no longer continue". It comes after the review found the breach was "unlikely to profoundly change the existing risk profile" of those named and that the government possibly "inadvertently added more value to the dataset" by seeking the unprecedented super-injunction. How much could the breach cost? In 2023, the government set up a second relocation scheme for Afghans who were affected by the breach but not eligible for the initial relocation scheme. The MoD said the relocation costs directly linked to the data breach will be around £850m. An internal government document from February this year said the cost could rise to £7bn, but an MoD spokesperson said that this was an outdated figure because the government had cut the number of Afghans it would be relocating. 3:16 However, the cost to the taxpayer of existing schemes to assist Afghans deemed eligible for British support, as well as the additional cost from the breach, will come to at least £6bn. Litigation by victims of the breach could add additional cost for the government - in addition to what it has already spent on the super-injunction. What happens now? Some 5,400 Afghans who have already received invitation letters will be flown to the UK in the coming weeks. This will bring the total number of Afghans affected by the breach being relocated to the UK to 23,900. The rest of the affected Afghans will be left behind, The Times reported. Around 1,000 Afghans on the leaked list are preparing to sue the MoD, demanding at least £50,000 each, in a joint action led by Barings Law. Adnan Malik, head of data protection at Barings Law, said: "This is an incredibly serious data breach, which the Ministry of Defence has repeatedly tried to hide from the British public." Despite the government's internal review playing down the risks caused by the data breach, Mr Malik said the claimants "continue to live with the fear of reprisal against them and their families". The Telegraph has reported that a Whitehall briefing note circulated on 4 July warned that the MoD would need to work with the government to prepare to "mitigate any risk of public disorder following the discharge of the injunction".
TechCrunch
2 hours ago
- Business
- TechCrunch
UK retail giant Co-op confirms hackers stole all 6.5 million customer records
The chief executive of U.K. retail conglomerate the Co-op on Wednesday said that hackers had stolen the personal data of all of the company's customers during an April cyberattack. Co-op Group CEO Shirine Khoury-Haq told BBC News that the hackers copied the company's member list of 6.5 million members, but that the Co-op shut down its network before the hackers could lock up its systems with ransomware. The members' data includes names, addresses, and contact information. The retailer's network shutdown subsequently resulted in widespread internal disruption across its U.K. back offices and grocery stores. The breach at the Co-op in April was part of a broader hacking campaign targeting the U.K. retail sector, which also saw the theft of an unspecified amount of customer data from Marks & Spencer and an attempted cyberattack on Harrods. The cyberattacks were attributed to Scattered Spider, a collective of mostly young hackers that use deception tactics to trick companies' IT helpdesks into granting them access to their network. Earlier in July, U.K. authorities arrested four people for allegedly having links to the retail cyberattacks, including a 20-year-old woman, two men aged 19, and a youth aged 17. The four are accused of hacking, blackmail, and participating as a member of an organized crime group. Since the cyberattacks, the hackers reportedly moved on to target the airline and transportation industry, as well as insurance companies — sectors that store vast amounts of consumers' data. It's not known how much the breach at the Co-op will cost it. According to one retail industry news outlet, the Co-op did not have cybersecurity insurance at the time of the hack, which could result in the company incurring heavy financial costs.
