International

UK MoD data breach exposes dozens of Afghan allies to Taliban violence

Tuesday, 28 October 2025 5:04AM UTC

A major data leak by the UK Ministry of Defence has put at least 49 Afghan relatives and colleagues at risk of Taliban reprisals, with ongoing threats and deaths amid the fallout. The breach, originating from a leaked spreadsheet in 2022, has led to a government response costing billions and raising serious security concerns.

At least 49 relatives and colleagues of Afghans affected by a Ministry of Defence (MoD) data breach have been killed amid ongoing threats from the Taliban, according to research submitted to the Commons Defence Committee. The study, involving 231 respondents informed that their data had been compromised, revealed that 49 reported family members or colleagues had been killed while 200 noted threats against themselves or their families. Of those, 99 had received direct threats to their lives, and 121 said friends and relatives still in Afghanistan had been targeted by the Taliban.

The origins of the data breach trace back to February 2022, when an official at UK Special Forces headquarters accidentally shared a spreadsheet containing sensitive details of around 25,000 Afghans applying for asylum. These individuals had supported UK military operations over two decades. The leak is considered one of the worst security failures in recent British history, placing up to 100,000 people at risk of violent Taliban reprisals. The breach led to Operation Rubific, a large-scale response to relocate and protect affected individuals.

Government figures show that approximately 16,000 Afghans had been resettled in the UK by May 2025, with an additional 4,500 in transit, under a covert relocation scheme initiated after the breach was discovered in August 2023. The Ministry of Defence has acknowledged 49 separate data breaches related to the Afghan resettlement operations, though details of each incident remain undisclosed. Costs related to the resettlement operation and breach response have been substantial, with estimates suggesting around £850 million directly linked to the breach and potential total costs rising as high as £7 billion. The National Audit Office has highlighted uncertainties over the exact figures and warned that compensation claims could add further financial liabilities.

The UK government initially obtained a superinjunction to suppress public disclosure of the data breach and its consequences, only lifted in July 2025 following a High Court ruling. The injunction had aimed to protect the lives of those compromised but drew criticism for lack of transparency. Defence Secretary John Healey publicly apologised for the incident, stressing commitments to security and safeguarding personnel, including British nationals, spies, and SAS soldiers whose details were also leaked. Among the Afghan allies exposed was a decorated commando who had risked his life alongside British forces during hostage rescues in Kabul, later tortured while fleeing the Taliban due to the breach's consequences.

The breach also uncovered vulnerabilities in supplier subcontractors, with a separate cyber incident in early 2024 compromising the information of an additional 3,700 Afghan nationals relocated to the UK. This second breach occurred via Inflite - The Jet Centre, an MoD contractor providing ground handling services at London Stansted Airport.

The unfolding scandal has prompted parliamentary inquiry, emphasizing the ongoing risks posed to relocated Afghans and raising questions about the government's handling of sensitive data and protection promises. While the latest government review suggests it is unlikely that mere inclusion on leaked spreadsheets alone would necessarily trigger Taliban targeting, the evidence of killings and threats underscores the grave human cost. Defence officials continue to withhold detailed disclosures about the breach's scope and its long-term implications for British-Afghan relations and UK national security.

📌 Reference Map:

Paragraph 1 – ^[1] (Daily Mail)
Paragraph 2 – ^[1] (Daily Mail), ^[5] (Sky News)
Paragraph 3 – ^[2] (Reuters), ^[5] (Sky News), ^[4] (Reuters)
Paragraph 4 – ^[3] (Reuters), ^[1] (Daily Mail)
Paragraph 5 – ^[6] (Sky News)
Paragraph 6 – ^[7] (Parliament Defence Committee), ^[1] (Daily Mail), ^[2] (Reuters)

Source: Noah Wire Services

More on this

https://www.dailymail.co.uk/news/article-15232549/At-49-relatives-colleagues-Afghans-affected-MoDs-mass-data-breach-killed.html?ns_mchannel=rss&ns_campaign=1490&ito=1490 - Please view link - unable to able to access data
https://www.reuters.com/world/uk/uk-launched-secret-scheme-relocate-afghans-after-data-leak-documents-show-2025-07-15/ - Following a significant data breach that exposed the personal details of more than 33,000 Afghans who assisted British forces, the UK government launched a covert scheme to relocate thousands to safety. The breach, caused by a soldier’s error in early 2022 but only discovered in August 2023, compromised sensitive data, placing the individuals at risk of Taliban reprisals. In response, a superinjunction was granted in 2023 to prevent further public disclosure, protecting lives. A May 2024 High Court ruling revealed the potential need to relocate up to 20,000 people, at a cost of several billion pounds. As of May 2025, about 16,000 affected individuals had already been resettled in the UK, with 4,500 more in transit, costing approximately £400 million. Prime Minister Keir Starmer’s newly elected government reviewed the incident, the injunction, and the relocation efforts. Their findings suggested ongoing danger in Afghanistan but limited evidence of systemic retaliatory efforts by the Taliban. The UK government now faces lawsuits from those affected, adding to the repercussions of the breach.
https://www.reuters.com/business/media-telecom/spies-sas-troops-among-uk-nationals-details-afghan-leak-bbc-says-2025-07-17/ - In one of the UK’s most severe data breaches, personal details of over 100 British nationals, including MI6 spies and SAS troops, were exposed in a Ministry of Defence leak in early 2022. The leaked data resurfaced on Facebook a year later, raising serious security concerns. As a result, over 16,000 Afghans were relocated to the UK by May 2025 to protect them from potential Taliban reprisals. The breach also included information on lawmakers and senior military officials who supported the Afghan resettlement effort. The UK government responded by launching a secret relocation program costing approximately £2 billion ($2.68 billion). A superinjunction, which previously prohibited any public disclosure of the leak or the relocation efforts, was lifted on July 15, 2025. Defence Secretary John Healey has issued a formal apology for the breach, and the Ministry of Defence emphasized its commitment to the security of its personnel, especially those in sensitive roles.
https://www.reuters.com/business/media-telecom/uk-doesnt-know-how-much-massive-afghan-data-leak-will-cost-watchdog-says-2025-09-02/ - A report by the UK's National Audit Office (NAO) reveals the Ministry of Defence (MoD) lacks clarity on the financial impact of a major data leak involving thousands of Afghans. In early 2022, an MoD official erroneously sent personal details of 18,700 Afghans seeking resettlement to an unauthorized recipient, with the data later appearing on Facebook. This breach, considered one of Britain's worst security incidents, prompted the creation of the secret Afghanistan Response Route (ARR) relocation scheme in 2022, as those affected faced Taliban threats. The MoD estimated the cost at £850 million ($1.15 billion), but the NAO expressed doubts about the figure’s accuracy, noting it excluded potential compensation claims. The breach was initially under a court superinjunction, lifted in July 2025 when Defence Secretary John Healey publicly apologized. The NAO noted that 7,355 individuals are to be resettled through the ARR, but up to 27,278 people tied to British efforts in Afghanistan may have been impacted.
https://news.sky.com/story/mod-data-breach-put-lives-of-around-20000-afghans-at-risk-of-serious-violence-13396941 - Almost 7,000 Afghan nationals are being relocated to the UK following a massive data breach by the British military that successive governments tried to keep secret with a superinjunction. The blunder exposed the personal information of close to 20,000 individuals, endangering them and their families - with as many as 100,000 people impacted in total. The UK only informed everyone on Tuesday - three-and-a-half years after their data was compromised. The Ministry of Defence (MoD) said the relocation costs alone directly linked to the data breach will be around £850m. An internal government document from February this year said the cost could rise to £7bn, but an MoD spokesperson said that this was an outdated figure. However, the total cost to the taxpayer of existing schemes to assist Afghans who are deemed eligible for British support, as well as the additional cost from the breach, will come to at least £6bn. Details about the blunder can finally be made public after a judge lifted the injunction that had been sought by the government. A source said a small number of people named on the list are known to have subsequently been killed, though it is not clear if this was a direct result of the data breach. It is not clear whether the Taliban has the list - only that the MoD lost control of the information.
https://news.sky.com/story/thousands-more-afghans-affected-by-second-data-breach-ministers-say-13412464 - Thousands more Afghan nationals may have been affected by another data breach, the government has said. Up to 3,700 Afghans brought to the UK between January and March 2024 have potentially been impacted as names, passport details and information from the Afghan Relocations and Assistance Policy has been compromised again, this time by a breach on a third party supplier used by the Ministry of Defence (MoD). This was not an attack directly on the government but a cyber security incident on a sub-contractor named Inflite - The Jet Centre - an MoD supplier that provides ground handling services for flights at London Stansted Airport.
https://committees.parliament.uk/committee/24/defence-committee/news/209122/defence-committee-launches-broad-inquiry-into-mod-afghan-data-breach-and-resettlement-schemes/ - Today the Defence Committee launches an inquiry into the Afghan data breach and the resettlement schemes. In July 2025, the High Court lifted a ‘superinjunction’ that had been in place since September 2023, suppressing information about a data breach that had taken place in February 2022, involving the personal data of thousands of Afghan applicants for resettlement to the UK and their families, potentially putting these people at risk of reprisals. In 2024-25, the Government secretly brought many of those affected by the data breach to the safety of the UK, including people whose initial applications for resettlement had been rejected. The deadline for written evidence is Tuesday 14 October 2025. While lived experience can inform the Committee's work, please be aware that the Committee does not consider or assist with individual cases.

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 7

Notes: The report references new information about the deaths linked to the MoD's data breach, with some sources dating to July 15, 2025. While based on a parliamentary inquiry, the repeated mention of similar reports from July 2025 suggests potential recycling of older material, warranting a moderate to high freshness score but should be flagged for possible duplication.

UK Ministry of Defence
Afghanistan
Data breach