A fresh data breach has put the Government in a tough spot once again, as it was revealed that a contractor admitted a large number of Afghans brought to the UK had their personal information leaked.
Approximately 3,700 individuals who made their way to Britain from Afghanistan between January and March 2024 may be affected by this incident.
This news follows the earlier revelation where around 19,000 Afghans, who applied to relocate to Britain following the Taliban’s takeover in 2021, had their information mistakenly made public due to a blunder by a British official.
The previous scandal pushed multiple Afghans into covert relocation efforts, details of which came to light only recently after a two-year super-injunction was removed by the High Court.
On Friday, it was noted that information related to the Afghan Relocations and Assistance Policy (ARAP) had been compromised once more.
The Inflite Group, a Ministry of Defence contractor offering ground handling services at London Stansted Airport, disclosed that they experienced a cyber-security breach.
Despite these events, the Government maintained that there was “no risk to individuals’ safety, nor a compromise of any government systems.”
The operations involved these flights to ferry Afghans to the UK, which were also utilized for transporting British personnel and officials.
Defense Secretary John Healey expressed a “sincere apology” for the earlier data breach, stating he was “deeply concerned about the lack of transparency,” and insisted, “No government wants to withhold information from the British public, parliamentarians, or the press in such a context.”
A Government spokesperson addressed Friday’s breach, commenting: “We were recently informed that a subcontractor to one of our suppliers faced a cyber security incident which involved unauthorized access to a limited set of its emails that contained basic personal information.”
“Ensuring data security is a high priority for us, and we are exceeding our legal obligations by informing all potentially affected individuals. The incident has not posed any threat to individuals’ safety, nor compromised any government systems.”
Inflite mentioned: “We alerted the Information Commissioner’s Office about the incident and have been cooperating with UK cyber authorities, such as the National Crime Agency and the National Cyber Security Centre, to assist with the investigation and response to this breach.”
“Though we believe the incident involved only email accounts, we have proactively reached out to key stakeholders whose data might have been affected from January to March 2024.”
