Just weeks after the UK government finally revealed the 2022 MoD leak that exposed the personal details of nearly 19,000 Afghans, a second data breach has come to light. This time involving Afghans now resettled in Britain.
The latest breach was caused by a third-party sub-contractor working at London Stansted airport. For the thousands of people affected, it’s yet another blow to their safety, privacy, and trust in the system meant to protect them.
What happened this time?
The breach occurred at Inflite The Jet Centre, a sub-contractor responsible for providing ground-handling services for flights at Stansted. According to reports, the company suffered a cyber-security incident that led to the unauthorised access of personal data including:
- Names
- Passport details
- Dates of birth
- ARAP (Afghan Relocations and Assistance Policy) reference numbers.
The breach potentially affects up to 3,700 people, including Afghan evacuees who travelled to the UK between January and March 2024. An email sent by the MoD to those affected claims the breach “has not posed any threat to individuals’ safety” and that no data has been publicly released.
The leak may have also exposed personal information belonging to civil servants, soldiers on routine exercises and journalists.
Why this matters
For many Afghan families, being named in any compromised database, especially one linked to UK military activity, can be a genuine matter of life or death.
Professor Sara de Jong of the Sulha Alliance, which supports Afghan interpreters, called the incident “astonishing”. Speaking to the BBC, she added: “The last thing Afghans – who saved British lives – need is more worries about their own and their families’ lives.”
A pattern of failure
This second breach comes just weeks after it was revealed that nearly 19,000 people had their details leaked by the MoD in 2022. That incident was kept secret under a super-injunction until July 2025 and has already triggered a wave of legal claims and public outrage.
With two major breaches in as many years, trust in the UK’s ability to protect its Afghan allies is wearing thin. While the MoD insists that data security is taken “extremely seriously”, the facts tell a different story. This latest breach may not involve government servers directly, but it still exposes sensitive data under government contracts, and it still puts real people at risk.
As legal firms continue to build compensation cases for the original breach, this second incident could widen the scope of potential claims.
What can you do now
We’re tracking this story closely as more details come to light. If you want to stay updated on the latest developments – including any new legal action – check your eligibility today.
