The Ministry of Defence (MoD) has admitted to 49 separate data breaches in the past four years within the unit responsible for relocation applications from Afghans seeking safety in the UK.
The revelation raises serious concerns about the security of sensitive personal data linked to the Afghan Relocations and Assistance Policy (ARAP), a scheme established in April 2021 to protect those who worked with British forces in Afghanistan.
Major 2022 Leak Exposed Thousands
Among the breaches was a catastrophic 2022 leak involving a spreadsheet containing the personal details of nearly 19,000 Afghans fleeing the Taliban. This incident, initially hidden under a court-imposed gagging order, only became public last month when the High Court lifted restrictions.
The UK’s information watchdog described the leak as a “one-off failure” in usual checks, but lawyers representing victims argue it reflects systemic failings.
Calls for Transparency and Accountability
Lawyers, including representatives from Barings Law, say the new figures show “a culture of lax security” at the MoD. Adnan Malik, Head of Data Protection at the firm, warned that victims should not be forced to rely on legal action or media reports to learn about breaches that could put their lives at risk.
Past breaches included mistakenly copying hundreds of Afghans into emails, which exposed them to Taliban reprisals and led to a £350,000 fine from the Information Commissioner’s Office (ICO).
Watchdog and Political Response
Seven of the 49 breaches were serious enough to be reported to the ICO, including previously undisclosed cases in 2021 and 2022. The ICO confirmed it is continuing to work with the MoD but has not taken further action against the department.
Labour government officials blamed Conservative predecessors for poor data security and said new systems have been introduced since last year. Conservatives, meanwhile, apologised for the failures but stressed that protecting Afghan lives remained the priority at the time.
Ongoing Questions Over Data Security
Experts warn that the scale of the breaches highlights a deeper problem. Data protection specialist Jon Baines said: “It is difficult to think of information more sensitive than that involved in the ARAP scheme. It baffles me why stronger safeguards were not in place.”
Despite government assurances, campaigners continue to demand a full investigation into how the MoD handles highly sensitive personal data that, if exposed, could endanger Afghan allies who supported British forces.
