The Ministry of Defence (MoD) has not completed sufficient to cease additional knowledge breaches, MPs have warned, after the private particulars of hundreds of Afghans making use of to maneuver to the UK have been leaked.
The Home of Commons Public Accounts Committee (PAC) mentioned the division “knew the risks” of utilizing “inappropriate” knowledge methods – particularly Excel spreadsheets – to deal with delicate private data because the Taliban seized energy in Afghanistan.
Nonetheless, it discovered the MoD “neither did enough to improve its processes, guidance, and culture in response to this risk, nor to learn lessons from multiple data breaches over successive years”.
MPs additionally criticised the division for failing to calculate the whole price of a secret relocation plan it arrange after the info breach, saying its £850m estimate doesn’t embrace prices of authorized motion or potential compensation claims.
Please use Chrome browser for a extra accessible video participant
6:40
Information breach places 20,000 Afghan lives ‘at risk’
A reminder of what occurred…
In July, it emerged that particulars of almost 19,000 candidates for the Afghan Relocations and Help Coverage (ARAP) scheme have been launched “in error” by a defence official in 2022.
Excerpts from a spreadsheet containing the info have been posted anonymously on a Fb group, earlier than the MoD grew to become conscious of the breach in August 2023.
It led to the imposition of an excellent injunction in September 2023, which blocked all protection of the leak. The Afghanistan Response Route (ARR) was then set as much as carry a few of these affected to the UK.
After their data was leaked, an estimated 7,355 folks grew to become eligible for resettlement – added to these already included within the preliminary scheme, it amounted to round 27,278 candidates for relocation to the UK.
Defence Secretary John Healey provided a “sincere apology” on behalf of the federal government after experiences of the leak emerged, calling it a “serious departmental error”.
Please use Chrome browser for a extra accessible video participant
2:51
Timeline of Afghan knowledge breach
‘These dangers crystallised,’ says PAC chair
The cross-party panel urged the MoD to substantiate it’s now utilizing a brand new casework system to handle all Afghan resettlement schemes and provides particulars of the way it will stop knowledge breaches sooner or later.
Committee chairman Sir Geoffrey Clifton-Brown MP mentioned “data breaches occurred in 2021 which were sufficiently serious to have to be reported to the Information Commissioner’s Office, giving a warning which MoD should have taken steps to heed”.
He added: “These risks crystallised into dozens of data breaches over years, and ultimately resulted in the 2022 breach, presenting a grave risk to thousands of lives and a cost to the taxpayer running into hundreds of millions of pounds, at least.
“I take no pleasure as chair of this committee in stating now that we lack confidence within the MoD’s present capacity to stop such an incident occurring once more.”
An MoD spokesperson mentioned the incident “should never have happened”, and that “while the committee acknowledges that practices have improved, we are continuing to make changes and improvements in data handling across the department, such as introducing a dedicated, secure casework system for Afghan resettlement”.
“This government lifted the super injunction in July so that the public and parliament could rightly scrutinise this,” they mentioned.
“The overall financial cost has never been concealed, and the government published the cost of all Afghan resettlement schemes, including the ARR, in the spending audit in July 2024.
“We proceed to estimate that the general price of the ARR scheme will likely be £850m.”
