Ex-intelligence chief: Lessons must be learned after more Afghan data breaches emerge
A former senior military intelligence officer has told BFBS Forces News that repeated Afghan data breaches by the Ministry of Defence demonstrate a "lack of awareness and a lack of understanding of the threat to data and a lack of care".
Philip Ingram called for "a fundamental root and branch review of who is responsible for the data security" after the MOD admitted 49 separate data breaches had occurred in the past four years at the unit responsible for processing relocation claims from Afghan nationals fleeing Taliban rule.
"Someone needs to be held to account," he said.
The updated figure, which was initially obtained by the BBC and later confirmed by the MOD, includes four breaches already made public, dating back to 2021 and 2022.
Earlier this year, a consortium of newspapers reported the accidental leak of a document containing details of around 19,000 Afghans seeking sanctuary in the UK after the Taliban takeover, after the lifting of a superinjunction preventing the disclosure of the breach.
MOD says it has improved data security
"This government has worked quickly to improve data security across the department through better software, training and data experts," an MOD spokesperson said.
"We take data security extremely seriously and are committed to ensuring that any incidents are dealt with properly and that we follow our legal duties.
"All incidents that meet the threshold under UK data protection laws are referred to the Information Commissioner's Office and any lesser incidents are examined internally to ensure lessons are learned."
But Mr Ingram said the MOD should be doing even more to secure its sensitive data, which were reportedly down to human error.
"There are tools that can be put in place that will help the human not make those errors and if something is being sent outside the Ministry of Defence, there should be big warning signs that come up."
No details of additional data breaches
But a law firm, Barings Law, which is representing 1,500 Afghans affected by the leak, says the new revelations are part of a "wider and troubling pattern of negligence".
Many Afghans whose details were shared online following the breaches say they and their family members have been put at even greater risk.
Mr Ingram says steps should be taken to eliminate the chances of human error within the MOD.
"It's education, it's understanding, it's giving people the tools that they need to know what it is that they're dealing with, how they're handling the data, whenever they're handling the data, what it is they should check and look for."
Questions raised about MOD cybersecurity
Mr Ingram says the accidental breaches of data also raise questions about wider cybersecurity within the MOD.
"The biggest single threat are the people in your own organisation and [this] is the accidental data breach, but if we're not getting that right that suggests to me that MOD has not got its people aware of how external threats can come in," he said.
"It would be part of the same education and therefore one has to question the overall cybersecurity of every department at the MOD."
He also warned that the risk of more leaks remains.
"This will happen again, unless they get processes in place, unless they get dedicated deployment IT and other systems that makes sure data is properly handled."
Afghan interpreters at risk of Taliban reprisals
Thousands of Afghans worked for the British military, helping out as interpreters and in other key roles.
They faced constant danger of retribution by the Taliban, and when the Afghan government collapsed in August 2021, they had even greater fear for their lives.
The government offered them sanctuary in the UK under the Afghan Relocation and Assistance Programme (ARAP), which has recently ended.
Related topics
Join Our Newsletter
