The Intelligence and Security Committee (ISC) has initiated an investigation into a significant data breach that exposed the identities of thousands involved in UK military operations in Afghanistan.
Inquiry Launched into Afghan Data Breach Affecting Thousands
Inquiry Launched into Afghan Data Breach Affecting Thousands
Parliament's intelligence watchdog scrutinizes data leak compromising personal information.
The Intelligence and Security Committee (ISC) has officially announced an inquiry into a substantial data breach that has compromised the identities of thousands of Afghans, as well as British military officials. The breach, which took place under the previous government's management, led to a super-injunction that prevented the ISC from being briefed on the matter until recently.
Chairman Lord Beamish emphasized the urgency of the situation, insisting that all relevant intelligence documents be supplied "immediately" for thorough examination. A representative from the Ministry of Defence (MoD) expressed strong approval for the committee's investigation into the breach.
Lord Beamish, addressing the serious constitutional implications surrounding the event, confirmed that the cross-party ISC will explore the intelligence community's involvement and actions regarding data loss. He highlighted concerns regarding how long the breach went unreported—a staggering duration of over a year.
The ISC contends that the Justice and Security Act 2013 permits them access to classified material necessary for their oversight responsibilities regarding MI5, MI6, and the Government Communications Headquarters (GCHQ).
The MoD acknowledged the significance of investigating these substantial failures and expressed a commitment to thorough accountability. The Defence Secretary has instructed the ministry to fully support the ISC and any related parliamentary committees. He stated that if ministers or officials are called upon, they are prepared to give testimony.
The data leak originated in February 2022 when an individual mistakenly sent a spreadsheet containing over 30,000 resettlement applications to a non-government recipient, believing he was only disclosing information about 150 individuals. It wasn't until August 2023 that the breach came to light, following a Facebook post by an Afghan individual naming nine cases and implying they could release additional names—an incident described by government sources as "essentially blackmail."
In response to the leak, the MoD sought a gagging order in September 2023 to protect nearly 19,000 Afghans, who previously collaborated with British forces, from potential retaliation by the Taliban. The High Court installed a strict super-injunction that prohibited any reporting on the case until it was lifted last week.
As a consequence of the data breach, the UK government has been discreetly establishing the Afghanistan Response Route (ARR), aiming to relocate around 7,000 affected individuals to the UK at a projected cost of approximately £850 million. Furthermore, MoD representatives noted that they intend to robustly defend against any legal actions or compensation claims linked to the data breach, asserting these claims currently remain hypothetical. However, reports indicate that the MoD will not actively provide compensation to those impacted by the leak.
