2 days ago
Second Afghan data breach creates new headache for Government after thousands 'had personal details exposed'
Another major data breach has created a new headache for the Government after a sub-contractor admitted that thousands of Afghans brought to safety in Britain had their personal details exposed.
Up to 3,700 people who travelled to the UK from Afghanistan between January and March 2024 have potentially been impacted.
It comes just weeks after it was revealed that the information of 19,000 Afghans who had applied to live in Britain following the Taliban's takeover of Afghanistan in 2021 were mistakenly leaked by a British official.
The scandal led to thousands of Afghans being secretly relocated to the UK, the details of which were uncovered last month after a two-year super-injunction was lifted by the High Court.
On Friday, it emerged that information from the Afghan Relocations and Assistance Policy (ARAP) were compromised again.
The Inflite Group — an MoD supplier that provides ground handling services at London Stansted Airport — said it suffered a cyber-security incident.
However, the Government said it "has not posed any threat to individuals' safety, nor compromised any government systems"
The flights were used to transport Afghans to the UK. It was also used to fly British troops and officials.
Defence Secretary John Healey offered a "sincere apology" for the first data breach, saying he was "deeply concerned about the lack of transparency', adding: "No government wishes to withhold information from the British public, from parliamentarians or the press in this manner."
A Government spokesman said of Friday's breach: "We were recently notified that a third-party sub-contractor to a supplier experienced a cyber security incident involving unauthorised access to a small number of its emails that contained basic personal information.
"We take data security extremely seriously and are going above and beyond our legal duties in informing all potentially affected individuals. The incident has not posed any threat to individuals' safety, nor compromised any government systems."
Infinite said: "We have reported the incident to the Information Commissioner's Office and have been actively working with the relevant UK cyber authorities, including the National Crime Agency and the National Cyber Security Centre, to support our investigation and response,.
"We believe the scope of the incident was limited to email accounts only, however, as a precautionary measure, we have contacted our key stakeholders whose data may have been affected during the period of January to March 2024."
