A new data breach has exposed the personal details of up to 3,700 individuals, including Afghans resettled in the UK, after a cyberattack on an aviation contractor linked to the Ministry of Defence (MoD). This incident, which marks the latest in a series of data security failures, has raised serious concerns about the safety of vulnerable individuals who assisted British forces in Afghanistan.
The breach occurred at Inflite The Jet Centre Ltd, a sub-contractor that provides ground handling services for flights at London Stansted Airport. The company confirmed it suffered a “cybersecurity incident involving unauthorised access to a small number of its emails.” The affected individuals, who were flown to the UK between January and March 2024, include those under the Afghan Relocations and Assistance Policy (ARAP), as well as British military personnel and civil servants. The leaked data is said to include sensitive information such as names, passport numbers, and ARAP reference numbers.
The incident is particularly alarming given a previous, more significant data breach in 2022, which mistakenly exposed the details of nearly 19,000 Afghan applicants to a UK resettlement scheme. That catastrophic leak led to a secret and costly evacuation program and a two-year legal battle to keep the details under a “superinjunction.” The latest breach, while smaller in scale, is a fresh reminder of the ongoing risks faced by those who cooperated with the UK and who now fear retribution from the Taliban.
A government spokesperson stated that while they have informed all potentially affected individuals, the incident “has not posed any threat to individuals’ safety, nor compromised any government systems.” However, critics, including former Afghan interpreter and campaigner Rafi Hottak, expressed deep worry over the MoD’s repeated failure to safeguard the data of its Afghan allies. “How can it be that we’ve now had three separate data leaks involving one of the most vulnerable groups of people?” Hottak asked. The government maintains that there is no evidence the data has been released publicly.
Inflite The Jet Centre Ltd has reported the incident to the Information Commissioner’s Office and is working with UK cyber authorities. The repeated breaches underscore a systemic problem with data handling within government-linked operations and highlight the immense risk for those whose lives depend on the security of this information. The ongoing situation leaves many questioning the UK’s commitment to protecting those who risked everything to stand with them.
