Ministry of Defence Staff Warned About Data Sharing Risks Before Afghan Leak

Wed Oct 22 2025 15:53:28 GMT+0300 (Eastern European Summer Time)

A leaked report reveals that Ministry of Defence staff were cautioned against sharing data with hidden tabs prior to a significant data breach involving nearly 19,000 Afghan applicants seeking asylum in the UK.

Documents from the UK's Information Commissioner's Office show that Ministry of Defence (MoD) employees were warned about the dangers of sharing data with hidden content before a leak exposed personal details of 19,000 Afghan asylum applicants. The incident has raised questions about the MoD's data handling practices and the decision by regulators not to impose fines. The UK government estimates the fallout from the leak, which prompted an emergency resettlement scheme, could cost up to £850 million.

Ministry of Defence (MoD) staff were warned before the Afghan data leak not to share information containing hidden tabs, according to documents released by the UK's data regulator.

Last month it emerged that the details of almost 19,000 people who had applied to move to the UK were leaked when an official emailed a spreadsheet that contained a hidden tab with the information.

Documents released by the Information Commissioner’s Office (ICO) also show that staff there raised concerns about why the body had not issued a fine to the MoD.

The MoD said they had worked to improve data security, but an ICO spokesperson stated that the government had not yet done enough to learn the necessary lessons.

According to an ICO memo, guidance in place at the time of the leak showed that the MoD was aware of the risks of sharing data and explicitly referenced the need to remove hidden data from datasets.

Hidden tabs are a common feature in spreadsheet software and make information invisible to the user, yet still accessible if the document's settings are changed.

The government estimates that the 2022 leak, which led to an emergency resettlement scheme for people at risk of persecution by the Taliban, will ultimately cost around £850 million.

A super-injunction granted by the High Court in September 2023 prevented the incident from being reported for nearly two years, before the order was lifted last month.

Shortly after the MoD learned of the data breach in 2023, they informed the ICO. The two organizations held a series of secret meetings over the next two years, and documents published by the regulator reveal some of what was discussed.

Government officials commented that the leak was likely the most expensive email ever sent, while ICO staff questioned why the body had chosen not to independently investigate the MoD or impose a fine.

Data breaches involving public agencies must be legally reported to the ICO, which can then investigate and decide if a fine is warranted.

ICO staff privately discussed the potential reputational risk to the regulator of not acting against the MoD, especially after issuing a £350,000 fine for a smaller Afghan-related data breach in 2023.

In an email sent before the leak became public, an ICO staff member remarked that their justification for not fining the government was still an imperfect answer.

The ICO published the documents earlier this month following a Freedom of Information request.

The ICO ultimately decided against sanctioning the MoD as they did not wish to impose additional cost to the taxpayer.

An ICO spokesperson reiterated their focus on identifying breaches, rectifying issues, and learning lessons, citing that the government had not yet achieved the necessary pace of change.

The MoD stated that it has taken steps to enhance data security throughout the department via better software, training, and the engagement of data experts.

They also mentioned their collaboration with the ICO during the internal investigation and acceptance of all recommendations to prevent similar incidents in the future.

Ministry of Defence Staff Warned About Data Sharing Risks Before Afghan Leak

A leaked report reveals that Ministry of Defence staff were cautioned against sharing data with hidden tabs prior to a significant data breach involving nearly 19,000 Afghan applicants seeking asylum in the UK.

Virginia Giuffre's Haunting Memoir Reveals Fear of Lifetime as Epstein's Sex Slave

Afghanistan Withdraws from Cricket Series in Response to Deadly Air Strike

Afghanistan Withdraws from Cricket Series Following Fatal Air Strike on Local Players

US Defense Secretary's Plane Diverted to UK Due to Cracked Windscreen

Taliban Minister's Press Conference: A Shift in Gender Dynamics?

Outrage as Female Journalists are Barred from Afghan Embassy Event in India

Afghanistan Accuses Pakistan of Violating Sovereign Territory Amid Rising Tensions

Discord Admits Possible Leak of ID Photos for 70,000 Users Following Cyber-Attack

Taliban Government Enforces Social Media Restrictions in Afghanistan

Kenyans Secure Landmark Ruling on Paternity With British Soldiers

Historic Ruling: Kenyans Use DNA to Prove Paternity Claims Against UK Soldiers

Russia Intensifies Threats to UK Military Satellites with Weekly Jamming Attempts

Russia's Ongoing Threat: Weekly Targeting of UK Military Satellites

Afghans Celebrate Restoration of Internet Following Taliban Blackout

Internet Connectivity Resumes in Afghanistan Following Taliban Blackout

Afghanistan's Flights Grounded Due to Nationwide Internet Shutdown

Afghan Women Left Without Internet as Taliban Enforces Nationwide Shutdown

Internet Shutdown Strips Afghan Women of Their Last Hope

BBC's Investigative Triumph: Unveiling Europe's Dog Fighting Network

Afghanistan Faces Nationwide Telecom Blackout Amid Taliban Internet Shutdown