UK Data Breach Compromises Personal Information of Over 3,000 Afghans and British Personnel
The Ministry of Defense alerts 3,700 individuals after a cyberattack on subcontractor Inflite exposes personal data.
LONDON: The UK's Ministry of Defense has announced that more than 3,000 Afghans, British troops, and government officials have had their personal data compromised due to a recent cyberattack.
This incident follows a high-profile data breach from 2023 involving the release of information related to Afghan individuals who worked alongside British forces.
The 2023 breach's details were previously under a superinjunction but became public last month, leading to threats against those affected, many of whom are now concerned about a second breach.The latest incident involved a ransomware attack on Inflite, a third-party subcontractor responsible for data related to evacuation flights from Afghanistan to Stansted Airport in 2024.
The compromised information includes names, dates of birth, and passport numbers, along with Afghan Relocations and Assistance Policy reference numbers.
Over 100 British personnel were among those affected, with the remainder being Afghans.According to an alert sent by the Ministry of Defense, there is a risk that the breached data could be used for malicious purposes, prompting individuals to remain vigilant about their personal information and family details.
No evidence has surfaced indicating that the compromised information has been released publicly or on the dark web.The repeated breaches have added to concerns regarding the UK's handling of the Afghanistan withdrawal in 2021.
Sir Mark Lyall Grant, a former national security adviser, described both incidents as 'deeply embarrassing' for the government, emphasizing the need for expedited action to protect individuals at risk of Taliban reprisal due to their association with British forces.The cost associated with addressing previous breaches includes an expensive superinjunction and a secretive government program aimed at bringing at-risk Afghans to Britain.
Barings Law, representing 1,400 affected Afghans, has criticized the government's handling of the situation, stating that public funds have been misused for damage control.A former interpreter injured in Afghanistan expressed concern over the repeated mishandling of personal data by the Ministry of Defense.
Rafi Hottak questioned how those who fought alongside British forces could continue to be vulnerable to such breaches.Inflite spokesperson acknowledged the sensitivity of the incident and reiterated their commitment to protecting systems, data, and stakeholders' interests.
The government has assured the public that it takes data security seriously and has exceeded legal obligations in notifying affected individuals.
They have also stated that no threat to personal safety or government systems has been detected.
This incident follows a high-profile data breach from 2023 involving the release of information related to Afghan individuals who worked alongside British forces.
The 2023 breach's details were previously under a superinjunction but became public last month, leading to threats against those affected, many of whom are now concerned about a second breach.The latest incident involved a ransomware attack on Inflite, a third-party subcontractor responsible for data related to evacuation flights from Afghanistan to Stansted Airport in 2024.
The compromised information includes names, dates of birth, and passport numbers, along with Afghan Relocations and Assistance Policy reference numbers.
Over 100 British personnel were among those affected, with the remainder being Afghans.According to an alert sent by the Ministry of Defense, there is a risk that the breached data could be used for malicious purposes, prompting individuals to remain vigilant about their personal information and family details.
No evidence has surfaced indicating that the compromised information has been released publicly or on the dark web.The repeated breaches have added to concerns regarding the UK's handling of the Afghanistan withdrawal in 2021.
Sir Mark Lyall Grant, a former national security adviser, described both incidents as 'deeply embarrassing' for the government, emphasizing the need for expedited action to protect individuals at risk of Taliban reprisal due to their association with British forces.The cost associated with addressing previous breaches includes an expensive superinjunction and a secretive government program aimed at bringing at-risk Afghans to Britain.
Barings Law, representing 1,400 affected Afghans, has criticized the government's handling of the situation, stating that public funds have been misused for damage control.A former interpreter injured in Afghanistan expressed concern over the repeated mishandling of personal data by the Ministry of Defense.
Rafi Hottak questioned how those who fought alongside British forces could continue to be vulnerable to such breaches.Inflite spokesperson acknowledged the sensitivity of the incident and reiterated their commitment to protecting systems, data, and stakeholders' interests.
The government has assured the public that it takes data security seriously and has exceeded legal obligations in notifying affected individuals.
They have also stated that no threat to personal safety or government systems has been detected.
