In an age where your personal data is everywhere, it’s easy to become numb to the word “breach”. But for thousands of Afghans who worked alongside British forces, one government mistake turned their lives into a daily game of survival.
What happened in the MOD Afghan data breach?
In August 2021, the Taliban took control of Afghanistan following the withdrawal of UK and US troops. Thousands of people scrambled to flee the country in fear, including those who had worked alongside the British Government and the British Army between 2001 and 2021.
In February 2022, in an astonishing lapse of judgement, a Ministry of Defence (MoD) official mistakenly shared the details of 18,714 Afghan nationals in an email. These individuals had applied to a British government scheme to help those who had worked with British forces relocate. As well as their names and contact details, the leaked database also contained information on some family members.
It is understood that the Taliban was actively searching for Afghan nationals who had assisted British Forces to punish them. It had also threatened to prosecute, interrogate, and punish family members on behalf of individuals who did not give themselves up.
According to recent media reports, some of the people on the email list have now been killed, although it’s not clear if this was as a direct result of the data breach.
The fallout of the Afghan data breach
In August 2023, the names of nine people who had applied to move to the UK appeared on Facebook. The post was reportedly made by a disgruntled Afghan man who had been turned down for relocation.
In response, the MOD applied for an injunction to stop the leak becoming public. The court agreed due to fears that up to 100,000 people could be in danger if the leaked document fell into the hands of the Taliban. Many of those affected by the data breach were not told that they had been compromised.
Since the breach, around 36,000 Afghans have moved to the UK. According to the MoD, that includes over 16,000 individuals deemed at risk because of the leak. However, as of May 2024, around 80,000 people at increased risk were not offered relocation.
What’s happening now?
Three years later, as the injunction is lifted, the full details of what happened are starting to come to light. And, it has now been revealed that the personal data of some special forces and spies were also on the leaked database.
According to a report by the BBC, “Russia, China, Iran or even North Korea may now also be in possession of those leaked names”.
Furthermore, while the government’s official line is that appearing on the leaked database alone is unlikely to result in targeting, many Afghans don’t have the luxury of trusting that assessment. The Taliban certainly won’t be weighing legal nuance when they see a name on a British document.
The reality is simple: these individuals are already vulnerable and the breach made things significantly worse.
A silence that speaks volumes
Perhaps more disturbing than the breach itself is the silence that followed. The superinjunction was used to keep the entire incident quiet, even from the people most at risk. It took over a year for affected individuals to be officially informed, long after parts of the database were reportedly posted online.
When questioned, ministers said that making the breach public could put even more lives at risk. But from where we’re standing, withholding information from people already in danger only adds insult to injury.
Lessons from the chaos
Today, there are serious questions to answer.
How did a government department mishandle such sensitive data in the first place? Why were people kept in the dark? And what protections are in place to make sure something like this never happens again?
Many of those affected are still waiting to be brought to safety. The MoD has confirmed that thousands have been relocated and others will follow, but no firm timeline has been given. Meanwhile, some people are reportedly living in fear, constantly on the move, restricting their lives in any way they can to stay off the radar.
No compensation offered
The MoD has said it will not provide compensation to the people whose lives were put at risk because of this data breach. It also told the BBC it will “robustly defend against any legal action.”
However, at least one UK law firm is gearing up for a fight. And so far, at least 1,000 Afghans have signed up to a data breach lawsuit.
This scandal serves as a sobering reminder that a data breach can have consequences that extend far beyond your inbox. When sensitive information is not treated with the care it deserves, real people pay the price.
If your data was exposed in this breach, we’ll help you find out if you could be eligible for compensation, and if so, connect you with a specialist legal team at no cost to you.
