A severe **data breach** at the UK’s **Ministry of Defence (MoD)** in **February 2022** exposed a spreadsheet containing **33,000 records** of Afghan nationals seeking UK resettlement, including interpreters, military personnel, and their families. The leaked data—later found in a **Facebook group in August 2023**—put up to **100,000 lives at risk** of Taliban retaliation, including torture and execution. The MoD failed to detect the breach for **18 months**, concealed it under a **superinjunction**, and spent **£7bn on a secret evacuation program** (with only **3,383 of 27,278 affected individuals resettled** as of 2024). The breach stemmed from **inadequate data controls**, repeated failures to learn from prior incidents, and **deliberate obfuscation**—including withholding details from the **National Audit Office (NAO)**. MPs warned the MoD’s systemic failures increase the risk of **recurrence**, while Afghan allies remain stranded in hiding. The financial and humanitarian fallout remains unresolved, with **£850m in unaccounted costs** and ongoing delays in resettlement.
TPRM report: https://www.rankiteo.com/company/uk-ministry-of-defence
"id": "uk-3062530111425",
"linkid": "uk-ministry-of-defence",
"type": "Breach",
"date": "2/2022",
"severity": "100",
"impact": "8",
"explanation": "Attack that could lead to a war"
{'affected_entities': [{'customers_affected': 33000,
'industry': 'Defence/Public Sector',
'location': 'United Kingdom',
'name': 'UK Ministry of Defence (MoD)',
'type': 'Government Department'},
{'customers_affected': 100000,
'location': 'Afghanistan/UK',
'name': 'Afghan Nationals (Resettlement Applicants)',
'type': 'Individuals'},
{'industry': 'Public Sector Oversight',
'location': 'United Kingdom',
'name': 'National Audit Office (NAO)',
'type': 'Government Watchdog'}],
'attack_vector': ['Human Error (Misaddressed Email)',
'Inadequate Access Controls',
'Lack of Data Encryption'],
'customer_advisories': ['Limited; affected Afghans reported lack of direct '
'communication'],
'data_breach': {'data_encryption': 'None (implied by breach details)',
'data_exfiltration': ['Spreadsheet emailed externally',
'Data surfaced on Facebook group '
'(2023)'],
'file_types_exposed': ['Spreadsheet (CSV/Excel)'],
'number_of_records_exposed': 33000,
'personally_identifiable_information': ['Names',
'Contact Details',
'Resettlement Status',
'Family Links'],
'sensitivity_of_data': 'Extremely High (life-threatening risk '
'to Afghans)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Resettlement Application Data',
'Sensitive Afghan ally details']},
'date_detected': '2023-08',
'date_publicly_disclosed': '2024-07',
'description': 'A devastating data breach at the UK Ministry of Defence (MoD) '
'exposed the personal details of ~33,000 Afghans (up to '
'100,000 lives at risk) seeking UK sanctuary. The breach '
'occurred in February 2022 when a spreadsheet was emailed '
'externally, but was only discovered in August 2023 after '
'parts appeared in a Facebook group. The MoD used a '
'superinjunction to suppress reporting and initiated a secret '
'£7bn evacuation program. The breach was compounded by '
'systemic failures, lack of transparency, and inadequate data '
'handling controls. MPs warn similar incidents could recur due '
'to unaddressed vulnerabilities.',
'impact': {'brand_reputation_impact': ['Severe damage to UK government trust '
'among Afghan allies',
'Criticism from cross-party MPs '
'(Public Accounts Committee)',
'Media scrutiny over secrecy and '
'accountability failures'],
'customer_complaints': ['Afghan caseworkers and affected '
'individuals reported lack of transparency '
'and delays'],
'data_compromised': {'estimated_lives_at_risk': 100000,
'records_exposed': 33000,
'types': ['Personally Identifiable Information '
'(PII)',
'Resettlement Application Details']},
'financial_loss': {'estimated_cost': '£850 million (disputed '
'accuracy)',
'evacuation_scheme_cost': '£7 billion (2024 '
'audit)',
'legal_liabilities': None},
'identity_theft_risk': ['High (exposed PII of vulnerable Afghans '
'at risk of Taliban retaliation)'],
'legal_liabilities': ['Potential violations of UK data protection '
'laws (e.g., GDPR)'],
'operational_impact': ['Secret evacuation program triggered',
'Superinjunction imposed to suppress '
'reporting (2022–2024)',
'Resettlement pathway stalled; only 3,383 '
'of 27,278 affected individuals relocated '
'by 2024',
'NAO and parliamentary oversight '
'obstructed'],
'systems_affected': ['MoD Email Systems',
'Afghan Resettlement Casework Database']},
'investigation_status': 'Ongoing (PAC inquiry, NAO review)',
'lessons_learned': ['Systemic failures in MoD data handling and transparency',
'Inadequate oversight mechanisms for sensitive operations',
'Need for secure casework systems and access controls',
'Risks of secrecy in public accountability'],
'post_incident_analysis': {'corrective_actions': ['New secure casework system '
'for Afghan resettlement',
'Policy reviews on data '
'handling',
'Lifting of superinjunction '
'(2024-07)',
'PAC recommendations '
'implementation (pending)'],
'root_causes': ['Human error (misaddressed email)',
'Lack of secure data transfer '
'protocols',
'Inadequate access controls for '
'sensitive data',
'Cultural issues (secrecy over '
'accountability)',
'Failure to learn from prior '
'breaches']},
'recommendations': ['Implement robust data protection controls (e.g., '
'encryption, access limits)',
'Establish clear protocols for breach disclosure to '
'oversight bodies (e.g., NAO)',
'Accelerate resettlement of affected Afghans to mitigate '
'ongoing risks',
'Create parliamentary oversight committee for sensitive '
'defence operations',
'Regular audits of MoD data handling practices'],
'references': [{'date_accessed': '2024-10',
'source': 'The Independent',
'url': 'https://www.independent.co.uk'},
{'date_accessed': '2024-10',
'source': 'Public Accounts Committee (PAC) Report'},
{'date_accessed': '2024-10',
'source': 'Lighthouse Reports',
'url': 'https://www.lighthousereports.nl'}],
'regulatory_compliance': {'legal_actions': ['PAC inquiry (2024)',
'Potential future litigation by '
'affected individuals'],
'regulations_violated': ['UK GDPR (potential)',
'Public Sector Data '
'Handling Standards'],
'regulatory_notifications': ['Delayed/obstructed '
'(NAO not fully '
'informed)']},
'response': {'communication_strategy': ['Secrecy and limited disclosure '
'(2022–2024)',
'Public disclosure after '
'superinjunction lifted (July 2024)',
'PAC report publication (2024-10)'],
'containment_measures': ['Superinjunction (later lifted in July '
'2024)',
'Facebook group takedown (implied)'],
'incident_response_plan_activated': ['Superinjunction to '
'suppress reporting '
'(2022–2024)',
'Secret evacuation program'],
'recovery_measures': ['£7bn evacuation scheme (approved 2024)',
'Resettlement of 3,383 affected '
'individuals (as of 2024)'],
'remediation_measures': ['Introduction of a dedicated secure '
'casework system for Afghan '
'resettlement (post-breach)',
'Policy changes in data handling '
'(ongoing)']},
'stakeholder_advisories': ['PAC report warnings on recurrence risks (2024-10)',
'MoD statement on improved practices (2024-07)'],
'title': 'Ministry of Defence (MoD) Afghan Resettlement Data Breach (2022)',
'type': ['Data Breach', 'Unauthorized Disclosure', 'Privacy Violation'],
'vulnerability_exploited': ['Poor Data Handling Practices',
'Lack of Secure Casework Systems',
'Insufficient Oversight']}