In 2022, the UK Ministry of Defense (MoD) suffered a severe data breach when a British soldier accidentally sent a spreadsheet containing sensitive personal information of up to **19,000 Afghans** (with risks extending to **100,000 individuals**) seeking relocation to Britain. The exposed data included details of individuals linked to British special forces and government operations, placing them at extreme risk under Taliban rule. The breach occurred due to inadequate data handling—reliance on **Excel spreadsheets stored on SharePoint**—and went undetected for over a year until an Afghan recipient threatened to publish the file on Facebook in **August 2023**. The incident triggered a **secret multibillion-pound extraction operation**, a **superinjunction** (the longest ever issued), and left thousands of Afghans stranded in danger. Investigations revealed systemic failures: the MoD had ignored prior warnings about data vulnerabilities, used inappropriate systems for sensitive information, and withheld details from parliamentary oversight bodies. The breach compromised **national security**, endangered lives, and exposed critical flaws in the MoD’s cybersecurity and crisis response protocols. Nearly **30,000 affected individuals** have since been resettled or are awaiting relocation, but accountability remains unclear.
Source: https://www.arabnews.com/node/2622615/world
UK Ministry of Defence cybersecurity rating report: https://www.rankiteo.com/company/uk-ministry-of-defence
"id": "UK-0993709111425",
"linkid": "uk-ministry-of-defence",
"type": "Breach",
"date": "6/2022",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"
{'affected_entities': [{'customers_affected': 'up to 100,000 Afghans (19,000 '
'directly exposed)',
'industry': 'defense',
'location': 'United Kingdom',
'name': 'UK Ministry of Defense (MoD)',
'type': 'government ministry'},
{'customers_affected': '19,000 (directly exposed); '
'~100,000 at risk',
'location': ['Afghanistan', 'United Kingdom'],
'name': 'Afghan applicants for UK relocation',
'type': 'individuals'}],
'attack_vector': 'accidental disclosure (human error)',
'customer_advisories': ['limited communication to affected Afghans due to '
'security risks'],
'data_breach': {'file_types_exposed': ['Excel spreadsheet (.xlsx)'],
'number_of_records_exposed': '19,000 (directly); up to '
'100,000 at risk',
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (life-threatening risk to '
'exposed individuals)',
'type_of_data_compromised': ['personal identifiable '
'information (PII)',
'names',
'contact details',
'association with UK special '
'forces/government operations']},
'date_detected': '2023-08',
'date_publicly_disclosed': '2024-07-19',
'description': 'The UK Ministry of Defense (MoD) suffered a significant data '
'breach in 2022 when a British soldier mistakenly sent a '
'spreadsheet containing sensitive personal information of up '
'to 19,000 Afghans seeking relocation to Britain. The breach '
'exposed data of individuals connected to British special '
'forces and government operations, placing up to 100,000 '
'Afghans at risk. The incident was discovered in August 2023 '
'when an Afghan recipient threatened to publish the data on '
'Facebook. The MoD was criticized for inadequate data handling '
'practices, reliance on Excel spreadsheets, and failure to '
'implement proper safeguards despite prior awareness of '
'vulnerabilities. A secret multibillion-pound extraction '
'effort was initiated, and a superinjunction was imposed to '
'suppress details of the breach.',
'impact': {'brand_reputation_impact': ['loss of public trust',
'criticism from lawmakers',
"lack of confidence in MoD's data "
'handling'],
'data_compromised': ['personal information of ~19,000 Afghans',
'potential risk to ~100,000 individuals'],
'identity_theft_risk': ['high (for Afghans connected to UK '
'operations)'],
'legal_liabilities': ['superinjunction (longest ever issued)',
'potential legal risks for exposed '
'individuals'],
'operational_impact': ['secret multibillion-pound extraction '
'effort',
'superinjunction imposed',
'delayed relocation processing'],
'systems_affected': ['SharePoint system', 'Excel spreadsheets']},
'investigation_status': 'completed (parliamentary report published)',
'lessons_learned': ['Inadequate systems (Excel/SharePoint) for handling '
'sensitive data at scale',
'Failure to implement safeguards despite known '
'vulnerabilities',
'Lack of transparency with oversight bodies during crisis',
'Need for improved data access controls and validation '
'processes',
'Importance of timely breach detection and response'],
'post_incident_analysis': {'corrective_actions': ['Lifting of superinjunction '
'for transparency',
'Review of data handling '
'practices (ongoing)',
'Relocation efforts for '
'affected individuals',
'Parliamentary oversight '
'and recommendations'],
'root_causes': ['Use of inappropriate tools '
'(Excel/SharePoint) for sensitive '
'data',
'Lack of validation for hidden '
'data in spreadsheets',
'Failure to scale safeguards with '
'increasing data volume',
'Inadequate breach detection '
'mechanisms',
'Cultural issues around '
'transparency and accountability']},
'recommendations': ['Replace Excel/SharePoint with secure, scalable data '
'management systems',
'Implement stricter access controls and audit trails for '
'sensitive data',
'Enhance training for personnel handling high-risk '
'information',
'Establish clearer protocols for breach disclosure to '
'oversight bodies',
'Conduct regular vulnerability assessments for data '
'handling processes'],
'references': [{'date_accessed': '2024-07-19', 'source': 'The Times'},
{'date_accessed': '2024-07-19',
'source': 'House of Commons Public Accounts Committee Report'},
{'date_accessed': '2024-07-19',
'source': "Reuters - 'UK lawmakers slam ‘chaotic’ MoD over "
"Afghan data breach'",
'url': 'https://www.reuters.com/world/uk/uk-lawmakers-slam-chaotic-mod-over-afghan-data-breach-2024-07-19/'}],
'regulatory_compliance': {'legal_actions': ['superinjunction (later lifted)'],
'regulatory_notifications': ['delayed notification '
'to parliamentary '
'committees']},
'response': {'communication_strategy': ['initial secrecy under '
'superinjunction',
'limited disclosure after injunction '
'lifted',
'parliamentary report'],
'containment_measures': ['superinjunction to suppress data '
'publication',
'secret extraction efforts for affected '
'individuals'],
'incident_response_plan_activated': True,
'recovery_measures': ['relocation of ~30,000 affected '
'individuals to UK',
'review of data handling practices']},
'stakeholder_advisories': ['House of Commons Public Accounts Committee',
'Intelligence and Security Committee (delayed '
'notification)'],
'title': 'UK Ministry of Defense Afghan Relocation Data Leak (2022)',
'type': ['data breach', 'unauthorized disclosure', 'human error'],
'vulnerability_exploited': ['inadequate data handling practices',
'use of Excel spreadsheets for sensitive data',
'lack of access controls',
'hidden rows in spreadsheet']}