Ministry of Defence (MoD) staff were explicitly warned against sharing sensitive information that contained hidden tabs before a significant data leak, according to documents released by the UK's data regulator. Last month it was revealed that the details of approximately 19,000 individuals who had applied to move to the UK were leaked when an official sent an email that included a spreadsheet holding this sensitive information.
Documents released by the Information Commissioner's Office (ICO) indicate that ICO staff expressed concerns regarding the absence of a fine imposed on the MoD in response to this breach. While the MoD acknowledged that they have taken steps to enhance data security, the ICO noted that the government has not sufficiently learned from past incidents.
According to an ICO memo, the guidance issued before the leak showed that the MoD was aware of the risks posed by sharing data of this nature and clearly referenced the need to remove hidden information from datasets. Hidden tabs are a common feature of spreadsheet applications: they remove a sheet from view but leave its data in the file, where anyone who changes the sheet's visibility setting can read it.
The government estimates that the cost of the 2022 data leak, which prompted an emergency resettlement scheme for those at risk of Taliban persecution, could total around £850 million. A super-injunction imposed by the High Court in September 2023 prevented reporting on the incident until last month, when the order was lifted.
After the breach emerged in 2023, the MoD informed the ICO, leading to several confidential discussions over two years regarding the incident. Officials remarked that the leak might have been 'the most expensive email ever sent'. Internal communications also show that ICO personnel questioned why no independent investigation of the MoD was conducted and why no fine was issued.
Public bodies are legally required to report data breaches to the ICO, which can choose to investigate and potentially levy fines. ICO staff internally discussed the reputational risk to the regulator of not taking action against the MoD, especially after it had issued a £350,000 penalty for a smaller breach earlier that same year.
In an email sent just before the leak became public knowledge, one ICO staff member acknowledged that the rationale for not penalising the government remained an 'imperfect answer'. The documents were released in response to a Freedom of Information request, which was not submitted by the BBC.
In the wake of the leak, the MoD emphasised that it had taken substantial steps to recover and delete the data from all identified locations in order to limit the loss of control over it. Nevertheless, the ICO questioned the protracted timeline of the investigation into the MoD. An ICO spokesperson said that while the regulator has concentrated on identifying the root causes of breaches, the government has yet to act quickly enough on the necessary changes.
The MoD added that it had cooperated with the ICO during the internal review and had accepted all of its recommendations in full to prevent a recurrence of the incident.