MoD contractor data breach exposes thousands more Afghan nationals

Up to 3,700 people exposed after breach at subcontractor Inflite

Thousands of Afghan citizens who were relocated to the UK may have had their personal information exposed following another Ministry of Defence (MoD)-linked data breach.

According to the government, the latest incident has potentially compromised the details of up to 3,700 Afghans who arrived in the UK between January and March 2024 under the Afghan Relocations and Assistance Policy (ARAP). Information exposed is understood to include names and passport details.

We reported back in July that the personal details of more than 19,000 Afghans were revealed in a previous Afghan data breach two years ago. Unlike the previous incident, however, this breach did not originate in the MoD itself. Instead, it stemmed from a cybersecurity lapse at Inflite - The Jet Centre, a subcontractor providing ground handling services at London Stansted Airport. The company supports MoD flights transporting Afghan nationals, British troops and government officials, as well as routine military exercises and official travel.

Those believed to be affected were notified by the MoD on Friday. Reports also suggest that several former Conservative ministers may be among those impacted.

Speaking on Newsnight and reported by the BBC, Sir Mark Lyall Grant, former UK national security adviser, called both breaches “deeply embarrassing” for the British government.

He added that while checks for relocation are necessary, it falls to the British government to "honour the commitment they made".

“We do need to move faster to protect people who genuinely are at risk of being victimised and persecuted by the Taliban if they go back,” he said.

Conservative MP and former chancellor Kwasi Kwarteng said the data breaches were “very serious” and “really concerning” for people facing deportation back to Afghanistan.

Liberal Democrat defence spokesperson Helen Maguire accused the government of “staggering incompetence and clearly inadequate security standards,” as she called for an immediate investigation into the security breaches.