The UK Ministry of Defence is facing fresh embarrassment after the personal data of former Tory ministers, British troops, and thousands of Afghan allies was compromised in a cyber attack.
The latest breach adds to a series of mishaps that have left some of the most vulnerable people at risk.
Thousands Warned About Hacked Personal Details
On Friday, the MoD sent alerts to 3,700 affected individuals, warning that sensitive information—including names, dates of birth, and passport numbers—had been accessed by hackers.
The breach comes exactly a month after revelations that secret flights were bringing Afghan evacuees to the UK, following a previous data leak that reportedly put 100,000 people in danger from the Taliban.
Repeated Leaks Spark Concern Among Afghan Allies
This is the third leak since 2021 affecting former frontline Afghans. Rafi Hottak, a former special forces interpreter who was seriously injured in Afghanistan, voiced his frustration.
“How can it be that we’ve now had three separate data leaks involving one of the most vulnerable groups of people?” he asked.
“I am truly worried about how badly the UK MoD has mishandled the personal data of Afghan allies.
Once again, they have failed to protect those who stood shoulder to shoulder with them.”
High-Level Officials Also Affected
The breach reportedly included personal details of former Conservative government ministers.
Its sensitivity has prompted both the National Crime Agency and the National Cyber Security Centre to investigate.
Hack Targets Third-Party Contractor
The incident stemmed from a cyber attack on Inflite The Jet Centre, a subcontractor responsible for ground handling of flights into Stansted Airport.
These flights included Afghans being relocated to the UK, routine military exercises, and official engagements.
Inflite also provides services for the Cabinet Office.
The compromised data primarily covers January to March 2024, affecting hundreds of Afghans and around 100 UK personnel.
The MoD emphasized that there is no evidence any data has been released publicly or posted on the dark web.
Ongoing Investigations and Cybersecurity Measures
Investigations are underway into the cyber attack and any potential ransomware demands.
The MoD advised recipients to remain vigilant for unusual communications and activity.
Affected individuals were informed that the contractor required certain information to ensure smooth flight operations.
Afghan Community Voices Alarm
Professor Sara de Jong of the Sula Alliance, which advocates for Afghans who worked alongside UK forces, condemned the repeated security failures.
“It’s extraordinary that Afghans at risk are affected by yet another data security incident involving the Ministry of Defence,” she said.
“This will further erode the trust of Afghans who supported British military goals and expected protection in return.”
Contractor Responds and Government Reassures
Inflite The Jet Centre stated it experienced unauthorized access to a limited number of company emails.
The company reported the incident to the Information Commissioner’s Office and is cooperating with UK cyber authorities.
A government spokesperson reassured the public that no government systems were compromised and no individuals’ safety was threatened.
“We take data security extremely seriously and are going above and beyond our legal duties in informing all potentially affected individuals,” the statement read.
The Cost of Previous Data Mishaps
This latest breach echoes the infamous 2023 leak, when a list of Afghans seeking relocation to the UK was accidentally emailed by a soldier.
A government super-injunction was then imposed, preventing media coverage for nearly two years.
FOI documents later revealed that the legal costs of maintaining the news blackout totaled almost £2.5 million.
