The UK’s Ministry of Defence (MoD) has reportedly suffered a second data breach that has exposed details of more Afghan citizens who may be at risk of reprisals from Taliban forces.
Earlier this week, the government department was forced to apologize for sending an email that exposed the data of more than 250 Afghan interpreters who worked for British forces during the allied occupation of the country. This included their email addresses, names and LinkedIn profile images, putting them at risk of reprisals from the Taliban, who recently retook control of Afghanistan 20 years after being ousted by British and US forces.
A second data breach involving Afghan citizens who may be eligible to relocate to the UK has now been uncovered by the BBC, who revealed MoD officials sent an email earlier this month that mistakenly copied in dozens of people. This displayed the email addresses and some names of 55 Afghanis, including those from the Afghan National Army.
The email informed the recipients that UK relocation officials had been unable to contact them and requested updated details.
The MoD has apologized for the latest breach and said it was offering extra support to those affected. A department spokeswoman was quoted as saying: “We have been made aware of a data breach that occurred earlier this month by the Afghan Relocation and Assistance Policy (Arap) team.
“This week, the defence secretary instigated an investigation into data handling within that team.
“Steps have now been taken to ensure this does not happen in the future.”
Commenting on the story, Wouter Klinkhamer, CEO at Zivver, said: “The Afghanistan/MoD data leak news is a stark reality of what can happen when digital communications are not safeguarded. This is an extreme example, of course, where the data breach is potentially life-threatening. Still, all business leaders need to sit back and review how sensitive information is being shared and what support their workforce has to communicate securely. Commonly, incidents such as this result from human error (verified by the UK’s ICO) — an employee inadvertently selecting ‘Cc’ instead of ‘Bcc’ before sending the email. However, we’re all human, we all make mistakes — organizations need to focus on how they can empower their individuals to be able to share information securely when they need, with confidence and with ease to avoid a potentially damaging situation.”