A major Afghan data leak occurred last month. The UK Ministry of Defence is responsible. Importantly, staff received warnings before this incident. New documents reveal this critical fact. The Information Commissioner’s Office released these papers. Consequently, we now understand the timeline better.
Officials leaked personal details of 19,000 people. These people applied for UK relocation. An employee mistakenly emailed a spreadsheet. However, a hidden tab contained the sensitive information. This Afghan data leak compromised everyone’s safety. Sadly, the Taliban could access this list. Therefore, the breach created immense danger.
Guidance explicitly warned MoD staff before the leak. They knew about the risks of sharing data. Specifically, rules mentioned removing hidden information. Spreadsheet software often contains these hidden tabs. Users cannot see them immediately. But changing settings makes everything visible. This Afghan data leak was entirely preventable.
The government predicts enormous costs from this error. They estimate a £850m bill eventually. This funds an emergency resettlement scheme. The High Court even issued a super-injunction. This legal order blocked reporting for two years. Thankfully, the order was lifted last month.
The MoD reported itself to the ICO in 2023. Then both bodies held secret meetings. Internal emails show deep concern. Government officials called it “the most expensive email ever sent”. Meanwhile, ICO staff questioned their own response. They debated why no fine was issued. They also wondered about a potential investigation.
One staff member expressed frustration. They asked why the decision was taking so long. Another admitted the ICO’s limited role. They relied heavily on the MoD for evidence gathering. Legally, public bodies must report data breaches. The regulator can then investigate and fine organizations.
Previously, the ICO fined the MoD £350,000. That was for a much smaller Afghan breach. Therefore, inaction here created “reputational risk”. The ICO ultimately decided against a fine. They did not want to burden taxpayers with additional costs. Their justification remained an “imperfect answer”.
Recently, it was found 49 more data breaches. These occurred in the same Afghan relocation unit. An ICO spokesperson acknowledged some progress. However, the government has not done enough. Necessary changes are not happening fast enough. They demand assurances on improvements.
The MoD claims it is improving data security. They point to better software and new training. Also, they hired more data experts. They accepted all ICO recommendations fully. They promise to prevent a similar incident.
For more political updates, visit London Pulse News.
