Ministry of Defence (MoD)

The Ministry of Defence (MoD) exposed the personal information of approximately 18,700 Afghans, including names and contact details, due to a catastrophic data leak. The breach occurred when an MoD official emailed a secret database to trusted contacts in February 2022. The leak was discovered after parts of the database were posted online in August 2023. The government attempted to keep the breach secret using a superinjunction, but eventually notified those affected. The breach has put lives at risk, particularly from Taliban reprisals, and has caused significant distress and safety concerns for the affected individuals, many of whom are still awaiting relocation to the UK.

Source: https://www.independent.co.uk/news/uk/home-news/afghan-data-leak-breach-superinjunction-b2790860.html

TPRM report: https://www.rankiteo.com/company/ministry-of-defence_india

"id": "min907080725",
"linkid": "ministry-of-defence_india",
"type": "Breach",
"date": "2/2022",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"

{'affected_entities': [{'customers_affected': '18,700 Afghans',
                        'industry': 'Defense',
                        'location': 'United Kingdom',
                        'name': 'UK Ministry of Defence',
                        'type': 'Government'}],
 'attack_vector': 'Human Error',
 'customer_advisories': 'Email notifications to affected individuals',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '18,700',
                 'personally_identifiable_information': 'Names and contact '
                                                        'details',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Personal information'},
 'date_detected': '2023-08',
 'date_publicly_disclosed': '2024',
 'description': 'A catastrophic data leak by the UK Ministry of Defence '
                'exposed the personal information of around 18,700 Afghans, '
                'including names and contact details. The breach occurred when '
                'an MoD official emailed a secret database to trusted contacts '
                'in February 2022. The leak was discovered after parts of the '
                'database were posted online in August 2023. The breach put '
                'many lives at risk, particularly from Taliban reprisals.',
 'impact': {'brand_reputation_impact': 'Significant damage to trust in the UK '
                                       'government',
            'data_compromised': 'Personal information including names and '
                                'contact details',
            'identity_theft_risk': 'High',
            'operational_impact': 'Increased risk to affected individuals, '
                                  'relocation of 16,000 Afghans to the UK'},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'root_causes': 'Human error in emailing a secret '
                                           'database'},
 'references': [{'source': 'The Independent'}],
 'response': {'communication_strategy': 'Email notifications and public '
                                        'disclosure after lifting the '
                                        'superinjunction',
              'containment_measures': 'Superinjunction to keep the breach '
                                      'secret',
              'incident_response_plan_activated': 'Yes',
              'recovery_measures': 'Relocation of affected individuals to the '
                                   'UK',
              'remediation_measures': 'Email notifications to affected '
                                      'individuals'},
 'title': 'UK Ministry of Defence Data Leak',
 'type': 'Data Breach'}