
MoD data breach ‘put lives of Afghan interpreters at risk’

The blunder exposed the email addresses of 250 interpreters seeking relocation

The Ministry of Defence (MoD) has launched an investigation following a data leak in which the identities of more than 250 Afghan interpreters may have been compromised.

An email the MoD sent to interpreters who had worked for the British forces and were seeking refuge, after the Taliban seized control of the country last month, included the addresses of all recipients, according to BBC News.

Although many of these individuals are in hiding, their email addresses could be seen by everyone in the chain, as well as people’s names and profile pictures in some cases.

The email was sent by the team in charge of the UK’s Afghan Relocations and Assistance Policy (Arap), which has been in touch with these interpreters since the Taliban took over. The message told those still stranded that the organisation was working to extract them, and advised them not to leave their current location if it wasn’t safe to do so.

The MoD sent another email 30 minutes later with the title “Urgent - Arap case contact” which acknowledged the error and asked recipients to delete their previous email, suggesting their details may have been compromised. 

“An investigation has been launched into a data breach of information from the Afghan Relocations Assistance Policy team,” an MoD spokesperson said, according to the Guardian. “We apologise to everyone impacted by this breach and are working hard to ensure it does not happen again.

“The Ministry of Defence takes its information and data handling responsibilities very seriously.”

The shadow defence secretary told the newspaper that this breach has “needlessly put lives at risk”, adding the priority should be to step up efforts to relocate these individuals.

This is the latest public sector blunder caused by misuse of the ‘cc’ and ‘bcc’ fields when sending sensitive messages to large groups of people. 

Last year, for example, an employee from outsourcing giant Serco accidentally pasted the email addresses of 300 contact tracers into the bcc field when sending a message. 

In 2018, the Independent Inquiry Into Child Sexual Abuse (IICSA) was fined £200,000 for leaking the personal data of possible abuse victims. In this case, a staff member inadvertently sent a mass email to 90 participants by copying their emails into the ‘to’ field rather than the ‘bcc’ field. 

A couple of years before that, the NHS was fined £180,000 for leaking the personal details of HIV patients in 2015. A similar blunder saw the details of 780 attendees of the 56 Dean Street clinic in Soho leaked in an email.
