MoD data breach ‘put lives of Afghan interpreters at risk’

The blunder exposed the email addresses of 250 interpreters seeking relocation

The Ministry of Defence (MoD) has launched an investigation following a data leak in which the identities of more than 250 Afghan interpreters may have been compromised.

An email the MoD sent to interpreters who had worked for the British forces and were seeking refuge, after the Taliban seized control of the county last month, included the addresses of all recipients, according to BBC News

Although many of these individuals are in hiding, their email addresses could be seen by everyone in the chain, as well as people’s names and profile pictures in some cases.

The email was sent by the team in charge of the UK’s Afghan Relocations and Assistance Policy (Arap), which has been in touch with these interpreters since the Taliban took over. The message advised those still stranded that the organisation was working to extract them, advising them not to leave their current location if it wasn’t safe to do so.

The MoD sent another email 30 minutes later with the title “Urgent - Arap case contact” which acknowledged the error and asked recipients to delete their previous email, suggesting their details may have been compromised. 

Related Resource

Challenging the rules of security

Protecting data and simplifying IT management with Chrome OS

Whitepaper front coverFree download

“An investigation has been launched into a data breach of information from the Afghan Relocations Assistance Policy team,” an MoD spokesperson said, according to the Guardian. “We apologise to everyone impacted by this breach and are working hard to ensure it does not happen again.

“The Ministry of Defence takes its information and data handling responsibilities very seriously.”

The shadow defence secretary told the newspaper that this breach has “needlessly put lives at risk”, adding the priority should be to step up efforts to relocate these individuals.

This is the latest public sector blunder caused by misuse of the ‘cc’ and ‘bcc’ fields when sending sensitive messages to large groups of people. 

Last year, for example, an employee from outsourcing giant Serco accidentally pasted the email addresses of 300 contact tracers into the bcc field when sending a message. 

In 2018, the Independent Inquiry Into Child Sexual Abuse (IICSA) was fined £200,000 for leaking the personal data of possible abuse victims. In this case, a staff member inadvertently sent a mass email to 90 participants by copying their emails into the ‘to’ field rather than the ‘bcc’ field. 

A couple of years before that, the NHS was fined £180,000 for leaking the personal details of HIV patients in 2015. A similar blunder saw the details of 780 clinic attendees with the 56 Dean Street clinic in Soho leaked in an email.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021