UK defense ministry fined for life-threatening breach

The UK's data watchdog said the details of 265 Afghan nationals were compromised via an “email error,” which could have resulted in a threat to life.

The UK Information Commissioner’s Office (ICO) fined the kingdom’s Ministry of Defence (MoD) £350,000 ($442,000) for disclosing personal details of people seeking to leave Afghanistan for the UK after Western forces pulled out from the country in 2021.

Exposing names, faces, and, in some cases, locations of people who have cooperated with the British forces could have put the individuals in life-threatening situations once the Taliban forces took over the country.

According to the ICO, the MoD sent an email to a list of individuals eligible for evacuation, using the “To” field with personal information on 245 people. In other words, somebody put everyone’s email address in the “To” field instead of adding an invisible copy.

A couple of the email recipients replied to the entire list of participants, with one providing their exact location.

“The data disclosed, should it have fallen into the hands of the Taliban, could have resulted in a threat to life,” reads the ICO’s statement.

Once the MoD realized what it had done, the ministry contacted individuals, asking them to delete the email and change their email address.

However, the ICO believes that the MoD’s UK’s Afghan Relocations and Assistance Policy (ARAP) team failed to meet the rules requiring secure data transfer services for any communications involving sensitive information.

“The ICO investigation found that, at the time of the infringement, the MoD did not have operating procedures in place for the ARAP team to ensure group emails were sent securely to Afghan nationals seeking relocation,” the ICO said.

More from Cybernews:

Experiment: the ultimate kill switch for ads, malvertisers, and scammers

Cybercriminals selling fraudulent Outlook accounts taken down by Microsoft

X sued for “unlawful micro-targeting” in ad campaigns

GambleForce threat group targets Asia-Pacific

US officials: Russian hackers are launching potential SolarWinds-style operations

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked