The UK's data watchdog said the details of 265 Afghan nationals were compromised via an “email error,” which could have resulted in a threat to life.
The UK Information Commissioner’s Office (ICO) fined the kingdom’s Ministry of Defence (MoD) £350,000 ($442,000) for disclosing personal details of people seeking to leave Afghanistan for the UK after Western forces pulled out from the country in 2021.
Exposing names, faces, and, in some cases, locations of people who have cooperated with the British forces could have put the individuals in life-threatening situations once the Taliban forces took over the country.
According to the ICO, the MoD sent an email to a list of individuals eligible for evacuation using the “To” field, which exposed personal information on 245 people. In other words, somebody put everyone’s email address in the “To” field instead of the blind carbon copy (“Bcc”) field, which hides recipients from one another.
A couple of the email recipients replied to the entire list of participants, with one providing their exact location.
“The data disclosed, should it have fallen into the hands of the Taliban, could have resulted in a threat to life,” reads the ICO’s statement.
Once the MoD realized what it had done, the ministry contacted individuals, asking them to delete the email and change their email address.
However, the ICO believes that the MoD team responsible for the UK’s Afghan Relocations and Assistance Policy (ARAP) failed to meet the rules requiring secure data transfer services for any communications involving sensitive information.
“The ICO investigation found that, at the time of the infringement, the MoD did not have operating procedures in place for the ARAP team to ensure group emails were sent securely to Afghan nationals seeking relocation,” the ICO said.