Latest news with #security risk
.png%3Ftrim%3D0%2C0%2C0%2C0%26width%3D1200%26height%3D800%26crop%3D1200%3A800&w=3840&q=100)
The Independent
4 days ago
- Politics
- The Independent
British spies and special forces soldiers had data leaked in Afghan breach
British spies, special forces soldiers and senior military personnel were among the tens of thousands of people potentially put at risk by the catastrophic Afghan data leak, The Independent understands. The breach, made by a Ministry of Defence official in February 2022, exposed the details of Afghans seeking an escape to the UK because of claimed links to British forces. The huge blunder saw 16,000 Afghans affected by the data breach evacuated to Britain, with some 8,000 still to come, and prompted an unprecedented two-year-long superinjunction preventing the publication of any details. More than 100 names of British government personnel were also exposed by the leak. Defence sources say that these included MI6 spies, members of the SAS, MPs, government ministers, and other senior military figures. Defence secretary John Healey told MPs on Tuesday that 'in a small number of cases, the names of Members of Parliament, senior military officers and government officials were noted as supporting the application'. In a public court hearing in front of a High Court judge on Thursday, Jude Bunting KC said 'it was a matter of surprise to the [media] defendants that the secretary of state was able to report those details we weren't'. He added: 'We can now report those details.' Cathryn McGahey KC, for the government, said that the defence secretary was giving 'urgent consideration' to the wording of an ongoing gagging order on the press, which remains in place. The further revelations come after the Intelligence and Security Committee, an influential group of MPs, demanded answers about why they were not briefed about the Afghan data leak. Lord Beamish PC, chairman of the committee, said that MPs wanted to be provided with the intelligence assessments on which the superinjunction rested for so long. He wanted these to be sent 'immediately' to the committee. And in a statement in response to the Afghan data breach, former armed forces James Heappey said that it was 'gut-wrenching to find out that someone in the MoD had screwed up so awfully', but said the individual was 'incredibly dedicated to those we served with in Afghanistan'. He also said that the department's decision-making on sanctuary applications from former Afghan special forces, known as the Triples, was 'flawed'. He said he 'pushed and pushed with the MoD for clarification in response to what was said in the press, parliament and by campaigners'. 'I said in public what very senior officials and the military had briefed me. It was hugely frustrating that proved to be wrong,' he added.
Telegraph
6 days ago
- Politics
- Telegraph
The most expensive email in history
No email sent in error could ever have been so expensive – or dangerous. A Royal Marine had inadvertently – and, as it would turn out, catastrophically – circulated an email that included a spreadsheet containing the details of 25,000 Afghans, including their family members, who had helped British troops during the war with the Taliban. The email was sent by the soldier, in charge of vetting asylum seekers, to a group of Afghan contacts in the UK that he trusted. He worked out of Special Forces headquarters at Regent's Park Barracks, in central London, under the command of Gen Sir Gwyn Jenkins, the newly appointed First Sea Lord, who led UK Special Forces in Afghanistan. The Royal Marine responsible is understood to have accidentally shared the spreadsheet on two occasions in February 2022. It is not known if he has faced any sanction for the leak. His contacts, in turn, would send the names on to fellow Afghans still in Afghanistan to ensure Britain was only relocating families with a genuine right to resettle in the UK. Sources told The Telegraph that the Royal Marine – who has not been identified – had been instructed to check with trusted Afghans that others applying for the Afghan Relocations and Assistance Policy (Arap) had been part of units that fought alongside British forces. But in sending not just a few names but the whole spreadsheet, thousands of lives were put at risk. The cost of clearing up the mess would be estimated by the government at £7 billion. When journalists, including those at The Telegraph, inquired about the data breach, they were slapped with a super-injunction. By court order, The Telegraph, along with a handful of other news outlets, was prevented from disclosing any details about the error – or even the existence of the injunction itself. At the time the email was sent, the Government was scrambling to make good on a promise to give sanctuary to Afghans, including soldiers and interpreters, who had fought alongside British troops following the invasion in 2001 up until the fall of Kabul to the Taliban in August 2021. The tens of thousands of names on the database were of Afghans who had applied for asylum in the UK under the specially convened Arap scheme. It also included information about Afghans who applied to a similar programme called the Afghan Citizens Resettlement Scheme (ACRS). Their very act of applying for asylum had put their lives in jeopardy. For 18 months, the Ministry of Defence appeared oblivious to the existence of the rogue email, with its spreadsheet sent in error. That all changed on Aug 14 2023, with an anonymous post on Facebook that would send the MoD into a spiral of panic. The MoD only became aware of the leak when that month a member of the public wrote to Luke Pollard, the Labour MP for Plymouth, and James Heappey, a Conservative who was at the time a defence minister, warning them that the spreadsheet had been shared widely online. 'I have a copy of it, so does the Taliban – why doesn't the Arap team?' wrote the person, whose name was redacted in court documents, in the email dated Aug 10 2023. They are understood to be a support worker for Afghans settling in the UK. Extracts from the spreadsheet were then posted on Facebook four days later. In a group used by 1,300 Afghans needing to relocate, some of whom may have been Taliban infiltrators, the user – known only as 'Anonymous Member' – wrote that he was in possession of the database containing records of 25,000 applicants on 33,000 rows of information, adding: 'I want to disclose it.' The user who posted the extracts is understood to have been an Afghan who was sent the database, and whose own asylum claim was later rejected. To show the list was genuine, the Facebook user then posted the personal details of nine Afghans who had applied to the Arap scheme. British diplomatic staff administering the scheme in Pakistan were alerted by another member of the Facebook group; alarm bells began to ring. Spies scramble to delete list By the afternoon of Aug 14, the relocation team in Islamabad had circulated an email to some 1,800 Afghans in Pakistan, warning them: 'We have been informed there may have been a potential data breach of your contact information.' Some of those affected told the British Council they had been contacted by Iranian phone numbers on WhatsApp asking them to disclose scans of their passports. However, Whitehall officials chose not to inform any individuals waiting in Afghanistan or elsewhere about the breach, because it was felt it would increase the risk of the Taliban getting hold of it. Spies, meanwhile, sought to delete any trace of the list from servers overseas. The posts were deleted within three days after officials from the MoD contacted Meta, Facebook's owner. The Metropolitan Police was informed in August 2023, but it was decided a criminal investigation was not necessary. It is understood that individuals in the UK and Pakistan are still in possession of the database, and in at least one case it has changed hands for a large sum of money, understood to be five figures. By 10am on Aug 15, an email was sent to Mr Heappey, the armed forces minister at the time, with the alarming subject title: 'ARAP families, imminent threat to life.' The sender of the email – whose name has been redacted in court documents – explained that they were now aware of the data breach. 'The fact that the Taliban may be in possession of 33,000 Arap applications, including the primary applicants' phone numbers and all the case evidence, is simply bone chilling,' claimed the email. It is unclear what, if any, was Mr Heappey's response. Or indeed if he saw the email. By 8.09pm, at a time when the MoD's top brass would have gone home for the day, a senior official in charge of data governance circulated an official crisis alert to them, confirming the data breach. But it wasn't clear at that stage how the database had got into rogue hands. The question, an unnerving one for the Government, was whether this could have been an illegal hack. The intelligence services, including GCHQ and MI6, were briefed by the Foreign Office and asked to examine whether a hostile state could have been responsible. The CIA was also brought into the loop. Days later, officials realised the stark truth of the accidental leak. From then on, the Government went into crisis mode. Freelance journalist David Williams, who had previously worked with the Daily Mail on a campaign to resettle Afghan interpreters, was made aware of the breach. He contacted the MoD for comment, and other journalists soon got wind of it. D-Notice issued The Government decided that any whiff of the spreadsheet could put lives in danger, and the MoD issued a so-called D-Notice requesting that newspapers refrain from reporting the breach. D-Notices are advisory only and not legally binding. Meanwhile, inside the government, ministers were in a race against time to get to Afghans identified on the spreadsheet before the Taliban could. Ben Wallace, the defence secretary at the time, who had already announced in July his intention to resign, was incandescent. He had been concerned about data safety and could not believe that such a lackadaisical breach could have been allowed to occur. A Cobra meeting was convened in Whitehall in response. Present, according to reports, was Sir Gwyn, the head of Special Forces at the time, and the most senior soldier present. According to reports, one minister asked Sir Gwyn if he or Admiral Sir Tony Radakin, the chief of the defence staff, should resign. Sir Gwyn, according to reports, responded: 'Certainly not.' On Aug 25 2023, in one of his last acts as defence secretary, Wallace applied to the High Court for an injunction to prevent the leak becoming public. A week later, on Sept 1 – by which time Grant Shapps had been installed as his successor – the High Court granted a super-injunction 'contra mundum', meaning 'against the world', that prevented anybody knowing about the leak and the existence of the injunction itself. It was the first time such a draconian injunction had been used by a UK government against the British press. When The Telegraph inquired about the breach late last year, our journalists were slapped with the same order. By now, the government was running two operations. One was to stop the story getting out, and the other was to get the Afghans out of their home country and to the safety of the UK. Ministers launched Operation Rubific that would aim to bring thousands of Afghan families most at risk to the UK, largely via Pakistan. In towns up and down the country, Afghans were quietly resettled and their numbers kept off the official books, after being flown into the UK on specially arranged flights. Mr Justice Robin Knowles, the High Court judge who granted the super-injunction, accepted his ruling would infringe 'freedom of expression and of the press,' but insisted that 'the impact is justified in the particular and exceptional circumstances of this case including the risk to life and of torture'. Instead of being granted against a named individual, or news organisation, the injunction banned anybody at all who learnt of the leak from talking about it. Parliament kept in the dark With news reporting banned, Parliament was kept in the dark – although the Speakers of both the Lords and Commons, Lord McFall and Sir Lindsay Hoyle respectively – were secretly told so they could decide how to handle any Parliamentary questions to ministers about it. John Healey, then the shadow defence secretary, tabled just such a question on Dec 13 2023. In that month, the Information Commissioner had fined the MoD £350,000 for leaking the details of more than 200 Arap applicants. Mr Healey asked if the watchdog was investigating any similar breaches. A brief answer from Mr Heappey said there were two 'live investigations', confirming the Labour member's suspicions. The Telegraph understands that Mr Heappey then met his Labour counterpart that month to reveal all to him. Yet Mr Healey was also served with the super-injunction at the meeting – meaning he could not even tell Sir Keir Starmer, the leader of the opposition at the time, let alone the shadow chancellor. The intelligence and security committee and the Commons defence select committee were both kept in the dark. 'I would not widen [the] circle by briefing others,' said Shapps in a civil service memo dated November 2023. The chairman of the public inquiry into alleged extrajudicial killings of Afghans by members of the SAS was also kept in the dark. Democratic accountability had seemingly been thwarted. Thanks to the court order, the MP could ask no further public questions about the leak, nor question ministers' and officials' handling of it in deciding to bring all the directly-affected Afghans to the UK. At the time, sources suggested, the MoD's estimate of the total cost of bringing Afghans to Britain was in the region of £4 billion. It would rise to £7 billion, before being revised down to £6 billion, an extraordinary sum all the same. By May 2024, a Cabinet sub-committee chaired by the deputy prime minister – at the time, Oliver Dowden – had decided to allow 11,500 Afghans into Britain as a result of the leak, yet this had not been announced to Parliament nor subjected to any public scrutiny. The money to do so was drawn from the Treasury's reserve funds and not the MoD, Home Office or Department for Communities and Local Government's budgets, The Telegraph understands. At about the same time, Mr Justice Chamberlain, who had taken over the legal case, ruled the injunction ought to be lifted, prompting an immediate appeal by the MoD. Court of Appeal judges agreed with the government and said the gag order had to remain in place. Meanwhile, July's general election saw a change of government. Initially, Labour kept things exactly as they were under their Tory predecessors, with MoD lawyers continuing to insist to the High Court that any public mention of the leak would be lethally disastrous. Mr Healey, by now Defence Secretary, continued to toe the MoD line and stay silent on the breach. The injunction would remain in place for another year after Labour took charge. Officials and politicians continued to maintain that any public knowledge of the breach would somehow inspire the Taliban to go look for the spreadsheet. Yet by January this year, a retired civil servant, Paul Rimmer, the former deputy head of Defence Intelligence, had been commissioned to review the risks. By April, The Telegraph understands, ministers were aware that he was likely to find that if the data breach became public knowledge, it would not substantially increase the risks to those mentioned in it. In his review, Mr Rimmer concluded that 'early concern about the extent of the Taliban intent to target [certain individuals] has diminished. There is little evidence of intent by the Taliban to conduct a campaign of retribution… Killings are undoubtedly still occurring, and human rights violations remain extensive, but it is extremely difficult to determine the causes of individual killings or detentions.' The system set up to fly in Afghans, without any public knowledge of the scheme as a result of the data breach, was now 'disproportionate to the actual impact of the data loss were it to fall into the Taliban's hands '. By the time of the review, 16,156 individuals affected by the breach in 2022 had reached the safety of the UK. But it is only now that The Telegraph and other newspapers can tell that story. An Afghan man now living in Britain is said to be the person who threatened to share the list. According to the Daily Mail, he is in the UK with at least seven relatives.
The Independent
6 days ago
- Politics
- The Independent
Defence secretary issues apology over MoD data breach which put thousands of lives at risk
Defence secretary John Healey has offered a "sincere apology' following a data breach that put the lives of nearly 100,000 Afghans at risk of being killed by the Taliban. Speaking to MPs in parliament on Tuesday (15 July), Mr Healey revealed that a leaked spreadsheet which contained the details of 25,000 Afghan asylum applicants, as well as MPs and senior military officers, was mistakenly sent out in February 2022. He said: 'This serious data incident should never have happened. 'It may have occurred three years ago under the previous government, but to all those whose information was compromised, I offer a sincere apology today on behalf of the British Government, and I trust the shadow defence secretary, as a former defence minister, will join me.'
