Thousands of Afghan nationals seeking asylum in Britain are unlikely to receive compensation following a serious Ministry of Defence (MoD) data breach that exposed their personal details to potential Taliban reprisals.
The MoD has confirmed it will “robustly defend” anticipated legal claims for damages, insisting it is “highly unlikely” that individuals named in the 2022 spreadsheet leak were targeted as a result. It has also ruled out offering voluntary, small-scale compensation payments to those affected.
The breach, which compromised the personal data of 18,714 applicants to the Afghan Relocations and Assistance Policy (Arap), inadvertently placed up to 100,000 Afghans at risk.
The incident, kept under wraps for two years under an unprecedented superinjunction, is estimated to have cost the UK taxpayer billions.
In response to the crisis, the government secretly established the Afghanistan Response Route (ARR), aimed at relocating some of the affected individuals to Britain.
The Government now expects to resettle around 6,900 people via the scheme at a projected cost of £850 million.
Despite the severity of the breach, an independent review cited by the MoD concluded that appearing on the leaked document is no longer considered a significant risk factor for Taliban targeting.
Legal action is looming, with hundreds of potential data protection claims expected. The High Court heard this week that a Manchester-based legal firm already represents several hundred prospective claimants.
This is not the first time the MoD has faced consequences over Afghan data mishandling. Earlier this month, prior to the lifting of the 2022 superinjunction, Armed Forces Minister Luke Pollard confirmed a £1.6 million payout for a separate 2021 breach.
In that case, the MoD agreed to compensate 265 individuals up to £4,000 each, after their details were wrongly included in mass emails. That incident also led to a £350,000 fine from the Information Commissioner’s Office (ICO).
However, the ICO has declined to take further action regarding the 2022 breach. Commissioner John Edwards stated that given the intense public scrutiny, additional regulatory steps would add little value.
The scope of the damage extended beyond Afghan applicants, with the leak also compromising sensitive information about over 100 British personnel, including members of the special forces and intelligence services.
New figures show the MoD experienced 569 data breaches in 2023–24, a rise from 550 the year before.
These included incidents involving lost electronic devices and improper disposal of classified documents. In one particularly alarming case, the personal and financial details of 272,000 MoD staff were exposed following a cyberattack on a third-party contractor system.
As scrutiny mounts, serious concerns remain over the MoD’s capability to safeguard sensitive information amid repeated lapses in data security.
