A second MoD data breach endangers lives of 55 Afghan individuals

The ARAP team, already responsible for leaking the data of 250 Afghan interpreters, accidentally exposed details via email

For the second time this week, a disastrous Ministry of Defence email data breach has put the lives of Afghan individuals at risk. Fifty-five citizens were accidentally copied into the email, which exposed personal details, including names and, in some instances, profile pictures, to the other recipients.

The details leaked by the Afghan Relocation and Assistance Policy (ARAP) team mark a gross violation of personal privacy and highlight a growing pattern of inept data handling by the UK government. They could also be leveraged by the Taliban to conduct future digital and physical attacks.

Earlier in the week, the details of 250 Afghan interpreters had, similarly, been copied into an email en masse by the ARAP team. Some interpreters had even replied to all the recipients in the chain, having not noticed the blunder, and shared more secure details.

These two devastating events will almost certainly endanger those affected individuals within Afghanistan, and lead to Taliban reprisals and even loss of life.

A spokesperson for the MoD claimed that the department was aware of the initial data breach, saying:

“Steps have now been taken to ensure this does not happen in the future. We apologise to those affected and extra support is being offered to them.”

Further to the announcement, and as of September 21, the MoD has suspended an employee.

The cost of human error

The fact that such a costly, avoidable data breach has happened not once, but twice, is unacceptable – and that human error played a large role in events is even more frustrating.

According to CybSafe, 90% of data breaches in 2019 happened as a result of human error – and it is not the first time we have seen a government body behave in such an inept manner. In 2018, the United States Department of Defense (DOD) exposed the personal information of 21,500 personnel (including Marines and sailors, as well as civilians) when an unencrypted email was sent to the incorrect distribution list.

In the case of the MoD incidents, human error is now responsible not only for a breach in morality and trust, but also for the endangerment of Afghan individuals who had thought to rely on the department. This workplace “mistake” goes far beyond a simple, reversible slip-up. This “mistake”, and the size and possible scope of its repercussions, highlight how necessary it is to implement a system of checks before communications are sent, en masse, to vulnerable recipients in hostile lands.