11 hours ago
2
A massive data breach by the Ministry of Defence has put the lives of around 20,000 Afghan nationals as well as their families “at risk of serious violence”, it can be revealed.
Details about the blunder can finally be made public after a judge lifted a super injunction that had been sought by the government.
Barings Law accused the Ministry of Defence of trying to hide the truth from the public.
As well as the human cost, the scandal will likely leave the British government - and taxpayers - liable for large sums of money in compensation and support to those affected.
The government is expected to make a statement to parliament imminently.
The disaster is thought to have been triggered by the careless handling of an email that contained a list of the names and other details of around 20,000 Afghan nationals, who had been trying to apply to a British government scheme to support those who helped or worked with UK forces in Afghanistan that were fighting the Taliban between 2001 and 2021.
The collapse of the western-backed Afghan government that year, saw the Taliban return to power. The new government regards anyone who worked with British or other foreign forces during the previous two decades as a traitor.
The source said a small number of people named on the list are known to have subsequently been killed though it is not clear if this was a direct result of the data breach.
It is also not clear whether the Taliban has the list - only that the Ministry of Defence lost control of the information.
Adnan Malik, head of data protection at Barings Law, said: "This is an incredibly serious data breach, which the Ministry of Defence has repeatedly tried to hide from the British public.
"It involved the loss of personal and identifying information about Afghan nationals who have helped British forces to defeat terrorism and support security and stability in the region.
"A total of around 20,000 individuals have been affected, putting them and their loved ones at serious risk of violence from opponents and armed groups."
The law firm is working with around 1,000 of those impacted "to pursue potential legal action".
It is thought that only a minority of the names on the list - about 10 to 15% - would have been eligible for help under the Afghan Relocation and Assistance Policy (ARAP).
However, the breach means a much larger pool of people now potentially have a claim to request assistance or even to leave Afghanistan, fearing for their own security.
"Through its careless handling of such sensitive information, the Ministry of Defence has put multiple lives at risk, damaged its own reputation, and put the success of future operations in jeopardy by eroding trust in its data security measures," Mr Malik said.
"Our claimants continue to live with the fear of reprisal against them and their families, when they should have been met with gratitude and discretion for their service. We would expect substantial financial payments for each claimant in any future legal action. While this will not fully undo the harm they have been exposed to, it will enable them to move forward and rebuild their lives."
While the Ministry of Defence's data breach is by far the largest involving Afghan nationals, it is not the first.
Earlier this month, the MOD said Afghans impacted by a separate mistake could claim up to £4,000 in compensation four years after the incident happened.
Human error resulted in the personal information of 265 Afghans who had worked alongside British troops being shared with hundreds of others who were on the same email distribution list in September 2021.
In December 2023 the UK information commissioner fined the Ministry of Defence (MoD) £350,000 and said the "egregious" breach could have been life-threatening.
English (US)