Investigation ordered into data breach of hundreds of Afghan interpreters’ addresses

Defence Secretary Ben Wallace requested the probe after being alerted to the lapse, which could potentially jeopardise their safety of around 250 Afghan interpreters

The Ministry of Defence has ordered an investigation after a data breach involving the email addresses of hundreds of Afghan interpreters who worked for British forces.

Defence Secretary Ben Wallace requested the probe after being alerted to the lapse, which could potentially jeopardise their safety.

An estimated 250 addresses were revealed, it was reported.

UK troops evacuated more than 8,000 people eligible for the Afghan Relocations and Assistance Policy in two weeks at the end of August.

But not everyone who was eligible for the scheme was able to flee by the August 31 deadline for the US-led coalition to withdraw as the Taliban seized control.

If the Afghans involved are still in their homeland, they could be at risk of being targeted by Taliban fighters who believe their countrymen are collaborators for working with western troops.

Shadow Defence Secretary John Healey said: “We told these Afghan interpreters we would keep them safe – instead, this breach has needlessly put lives at risk.

“The priority now is to urgently step up efforts to get these Afghans safely to the UK.

“This is the second major data breach from the MoD this year, after sensitive documents were discovered at a bus stop in Kent in June.

“Clearly, the Defence Secretary needs to get his house in order.”

An MoD spokeswoman said: “An investigation has been launched into a data breach of information from the Afghan Relocations Assistance Policy team.

“We apologise to everyone impacted by this breach and are working hard to ensure it does not happen again.

“The Ministry of Defence takes its information and data handling responsibilities very seriously.”

The Mirror understands the Afghans involved have been contacted and offered advice on how to manage potential risks unleashed by the breach.

The ARAP was announced late last December by Mr Wallace and Home Secretary Priti Patel following years of campaigning.

The scheme launched in April and was designed to “offer relocation or other assistance to current and former locally employed staff in Afghanistan” as the security situation deteriorated in the run-up to western forces’ pullout, which was completed on August 31.

Applicants were encouraged to complete an online application form for the system.

The link was still available on Monday and the Government website says the scheme “will continue to remain open and operate indefinitely”.

It adds: “Under the ARAP scheme, any current or former locally employed staff directly employed by HMG (HM Government) assessed to be at serious risk of threat to life will be eligible to apply for ARAP regardless of their employment status, rank or role, or length of time served.”

There are four categories of eligibility, with the highest being given to those whose lives are in danger.

“The cohort eligible for urgent relocation comprises of those who are assessed to be at high and imminent risk of threat to life,” says the website.

Earlier this month, then Foreign Secretary Dominic Raab admitted he was unable to give a “definitive” figure for the number of people eligible to come to the UK who remained in the war-ravaged nation.

The Home Office announced three weeks ago that those eligible for the scheme will be given indefinite leave to remain, rather than the five years’ residency previously offered.

It was unclear last night(MON) whether the incident had been reported to the Information Commissioner’s Office.

British troops relied on hundreds of Afghan interpreters during the UK armed forces’ 20-year deployment following the September 11 terror attacks of 2001.

The Information Commissioner’s Office website says: “The UK GDPR (general data protection regulation) introduces a duty on all organisations to report certain personal data breaches to the relevant supervisory authority.

“You must do this within 72 hours of becoming aware of the breach, where feasible.

“If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.”
It is understood the MoD will take all necessary steps under GDPR.