Leaked spreadsheet exposes details of UK Special Forces soldiers

The document was not password-protected and contained no protective markings

A leaked spreadsheet circulating on WhatsApp has exposed personal details of more than one thousand UK Special Forces soldiers, details that are meant to remain secret.

The Register, which has seen the leaked spreadsheet, says it contains details of 1,182 British soldiers who were recently promoted from corporal to sergeant. Some of the soldiers listed are posted in sensitive units, such as the Special Reconnaissance Regiment, Special Boat Service and Special Air Service.

The Excel spreadsheet was likely leaked by mistake by a Ministry of Defence (MoD) employee. The document was not password-protected, nor did it contain any government protective markings such as 'secret' or 'confidential'. However, there was a one-line warning, saying 'NOT TO BE DISCLOSED BEFORE 0900 HOURS UK LOCAL 03 JUN 21.'

Analysis of the leaked document showed that it was last modified late Tuesday morning by a corporal working for one unit's Regimental Career Management Officer (RCMO).

While the MoD does not publicly disclose details of soldiers' current units, the leaked document revealed the names of both current and former units, under separate headings of 'capbadge' and 'unit'. It exposed details of non-Special Forces units, as well as the names and unique service numbers of newly promoted senior non-commissioned officers.

It also contained details of personnel posted to 18 Signals Regiment and communications experts at the SAS and SBS.

"We are aware that the Corporal to Sergeant Promotion Board results have been obtained by some media outlets," an Army spokesperson told The Register.

"The results of this Board are not due for release internally in MoD until 3rd June. The leak of this information to media outlets is being investigated by the MoD and it would be inappropriate to comment further at this time."

A former Army source said it was normal practice to share details of newly promoted soldiers in spreadsheets accessible by the entire British Army, although the documents are normally password-protected and kept on the intranet.

The latest in a list of MoD insecurities

This is not the first instance of a data breach at the Ministry of Defence.

Earlier this year, the MoD disclosed in its annual report that data loss incidents hitting the Ministry in 2019-20 increased by 18 per cent compared to the previous year.

The MoD's report covered all security incidents from 1st April 2019 to 31st March 2020.

Most of the breaches pertained to the inadequate storage of devices, electronic equipment and documents, according to think tank Parliament Street.

In total, there were 546 incidents of potential data breaches reported in the financial year 2019-20, compared to 463 in 2018-19.

In one incident, in July 2019, a sub-contractor improperly disposed of confidential documents, resulting in the unauthorised disclosure of the personnel data of two former employees.

In another incident, also in July 2019, unauthorised access to patient notes led to the disclosure of one employee's dental health data.

In a much more serious incident in 2008, the MoD lost a hard drive containing the private details of thousands of Army, Navy and RAF personnel.

At the time, Downing Street described the loss of data as 'regrettable'.