Dozens more UK Afghan data breaches uncovered

[mwai_chat context=”Let’s have a discussion about this article:nn3 hours agoShareSaveBilly KemberPolitics investigations correspondentPhil KempPolitical reporterShareSaveMOD/Crown Copyright/2021The Ministry of Defence has admitted there have been 49 separate data breaches in the past four years at the unit handling relocation applications from Afghans seeking safety in the UK.Four out of the 49 breaches were already publicly known – including the leak in 2022 of a spreadsheet containing details of almost 19,000 people fleeing the Taliban.This mammoth data breach, which led to thousands of Afghans being secretly relocated to the UK, was only revealed last month after the High Court lifted a gagging order.It was described by the UK’s information watchdog as a “one-off occurrence following a failure to [follow] usual checks, rather than reflecting a wider culture of non-compliance”.However, lawyers representing Afghans affected by data breaches said the new figures, released to the BBC under the Freedom of Information Act, raised concerns about a culture of lax security among those working on the resettlement scheme.The MoD has refused to provide any details of the nature of each breach but incidents which have previously been made public include officials inadvertently revealing the email addresses or other personal details of applicants to third parties.Adnan Malik, Head of Data Protection at Barings Law which represents hundreds of Afghans affected by the biggest of the breaches in February 2022, said: “What began as an isolated incident, which the Ministry of Defence initially sought to keep from public view, has now escalated into a series of catastrophic failings.”We urge the Ministry of Defence to be fully transparent with both those affected and the wider public. Victims should not be forced to learn the truth through legal action or news reports.”The Afghan Relocations and Assistance Policy (ARAP) was set up in April 2021 to help people who feared their lives were at risk because they had worked with British armed forces in Afghanistan and to resettle eligible applicants and their family members in the UK. It was closed in July this year.The scheme has been dogged by revelations about poor data security, potentially putting the lives of Afghans who worked with British forces at risk. In September 2021, BBC News revealed that more than 250 Afghans seeking relocation to the UK were mistakenly copied into an email from the Ministry of Defence, putting them at risk of reprisals.A total of 265 email addresses were shared in this way across three separate incidents that month, which ultimately led to a £350,000 fine from the watchdog.The breaches were “intensely difficult and embarrassing for the government handling publicly”, one defence source said.Ben Wallace, the then-defence secretary, expressed his personal anger at what had occurred, telling MPs: “I am very keen that it is not just the poor person who drafts the email who is held to account, but the chain upwards, to ensure that this does not happen again.”Two months after the incidents, in November 2021, the then Conservative government announced “significant remedial actions”, including new data handling procedures and training as well as a new “two pairs of eyes rule” requiring any external email to an ARAP-eligible Afghan national be reviewed by a second member of staff before being sent.The government said the measures were taken to “prevent such incidents occurring again”.Instead, data breaches continued including, in February 2022, a potentially catastrophic leak which saw a soldier at Regent’s Park barracks send a spreadsheet with what they believed to be a small number …nnDiscussion:nn” ai_name=”RocketNews AI: ” start_sentence=”Can I tell you more about this article?” text_input_placeholder=”Type ‘Yes'”]