The Ministry of Defence (MoD) removed safeguards designed to prevent sensitive data leaks years before a severe breach exposed thousands of Afghans’ records, The i Paper can reveal.
A former senior military source said the MoD’s decision to scrap controls on emails to non-MoD staff, along with a reduced understanding of IT, paved the way for a defence official to mistakenly leak a list containing the personal information of nearly 19,000 Afghans, putting lives at risk.
The source, who helped manage the fallout from the leak while at the MoD, warned the incident represented the “eroding” importance placed on data protection and operational security at the department.
square LGBTQ ExclusiveLGBT Afghans ‘at higher risk of torture and murder’ due to UK data breach
Read More
Defence and security insiders spoke to The i Paper and described a culture at the MoD where essential safeguards mitigating against this type of leak were stripped away, IT literacy and security awareness has declined and bitter infighting between departments has undermined an effort to patch up mistakes.
They also claimed that Britain’s rushed effort to resettle Afghan nationals in the wake of the leak descended into chaos amid poor planning, internal disputes and questionable vetting over who should be brought into the country.
One former senior MoD official said there was “a lot of argument internally” over who “should and shouldn’t be coming back” to the UK.
The culture at the MoD has come under the spotlight after it was revealed the individual who leaked the information still works for the department, with Defence Secretary John Healey saying: “This is bigger than the actions of a single individual.”
Afghans arrive in the UK after being airlifted out of an unnamed third country by the RAF via the ARAP scheme (Photo: PA)In February 2022, a defence official working at the Special Forces headquarters accidently leaked the list of Afghans who had applied to move to Britain. It was sent externally to a number of Afghans living in the UK.
As the people on the list had worked for or with the UK Government, they were at risk of reprisals once the Taliban returned to power in Kabul in 2021.
One of the reasons for the leak may be that over the past decade, the level of training and emphasis on staff’s knowledge of IT systems within the MoD has steadily eroded, the former senior MoD official said.
They said the “assumption that everybody’s got a baseline competence” meant MoD staff may not be given the right level of training to handle digital information.
Crucially, safeguards designed to mitigate exactly this kind of breach were removed just years before, in 2018, the source said.
Before that point, MoD systems would block any email sent outside its secure network unless the sender deliberately typed “Release/Authorised” into the subject line.
The measure was intended to protect sensitive information from accidental leaks, but it was abandoned after staff reportedly complained it was “inconvenient”. The source added that now there are “zero” safeguards in place.
It is understood that in January 2025, the MoD introduced new software to securely share data outside of central government and staff have regular mandatory data and information management training.
Defence secretary John Healey said he was “deeply concerned” about the lack of transparency about the leak of Afghans’ data by the MoD. (Photo: House of Commons/UK Parliament/PA)A separate UK intelligence source focusing on cyber security said the effect of the data breach has been profound.
The fallout from the mistake will “erode” public trust in the Government’s ability to tackle other security issues, they said.
They added that the revelation about the lack of protections over sensitive data is likely to “raise further questions” about the potential for further leaks within the MoD.
While this is the largest MoD breach involving Afghan nationals, it is not the first. In September 2021, human error led to the personal data of 265 Afghans who had worked with British forces being accidentally shared with hundreds of others on the same email distribution list.
In December 2023, the UK Information Commissioner fined the MoD £350,000, describing the breach as “egregious” and warning it could have been life-threatening.
Earlier this month, the MoD offered compensation of up to £4,000 to Afghans affected by the 2021 data mishap – four years later.
A turf war between agencies
The most recent data fiasco sparked a scramble to resettle Afghan nationals.
Government departments and Britain’s intelligence and security agencies had to work together to decide who to bring to the UK. But the classified nature of the information they were dealing with made it hard to vet individuals, according to sources.
Although this led to internal arguments, the former MoD source, who was senior in the department at the time of the leak, said: “There was a level of diligence that was taking place to make sure we just weren’t accepting every application on a whim.”
It comes amid concerns over how thoroughly the thousands of people brought to the UK were vetted.
British Marines run towards a Taliban position in Afghanistan during a British commando offensive in 2007 (Photo: John Moore/Getty)Hurried vetting process
Defence Secretary John Healey said that Afghans arriving in the UK through the Afghanistan Response Route, set up after the data leak, “undergo strict national security checks before being able to enter our country”.
But a senior military intelligence source suggested vetting at one point was little more than “sending the list out to blokes in-country [Afghanistan] and asking what they think”.
“Or at least at one point it did.”
Another UK intelligence source questioned whether proper checks were ever feasible given the urgency and disorder of the withdrawal.
“Could you even do them properly? Particularly given the chaotic manner in which the withdrawal was carried out.”
A Government source said anyone who arrives in the UK undergoes robust security and immigration checks.
For the thousands of Afghans whose identities were exposed – many of whom trusted Britain enough to fight alongside its forces – the consequences of the data breach remain unclear.
Meanwhile, the MoD must answer questions about the security of sensitive data, the competence of Whitehall to handle complex emergencies and the human risks created by its decision making.
A MoD spokesperson said: “This Government has taken major steps to tighten protocols and ensure accountability across Government.
“We have introduced new secure software, upgraded the data training offer, and appointed a new Chief Information to lead efforts to straighten data protection across the department.”
Hence then, the article about crucial mod email safety check was scrapped before afghan data leak was published today ( ) and is available on inews ( Middle East ) The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow the updates of this news or article from its original source.
Read More Details
Finally We wish PressBee provided you with enough information of ( Crucial MoD email safety check was scrapped before Afghan data leak )
Also on site :
- Germany’s Merz changes stance on Russia
- Tokyo's Yamanote Line suspended due to power outage
- Tokyo's Yamanote loop line trains out of service due to power outage