A cyber incident involving a Ministry of Defence (MoD) sub-contractor has exposed the personal information of thousands of Afghans who were evacuated to Britain under a resettlement program.
The security lapse occurred at Inflite The Jet Centre, a firm handling ground services at London Stansted Airport. Hackers gained access to several company email accounts containing sensitive details such as names, birth dates, passport numbers, and Afghan Relocations and Assistance Policy (ARAP) references. Early estimates suggest the breach could affect as many as 3,700 Afghans.
Officials stressed there is no indication the data has been leaked publicly or that it threatens UK systems, but affected families were informed by email last week. The breach also appears to involve some information relating to UK service members and ex-government ministers.
In a statement, an MoD spokesperson said:
“We were informed of unauthorized access to a small number of emails belonging to a supplier’s sub-contractor. While the data involved was limited, we are contacting anyone who might have been impacted and are taking precautionary steps.”
The company has reported the matter to the Information Commissioner’s Office (ICO).
Advocacy groups have condemned the incident. Professor Sara de Jong of the Sulha Alliance said Afghans who risked their lives alongside British forces should not be made vulnerable again through “avoidable security failures.”
This is not the first such mishap. In 2022, a separate MoD error leaked details of nearly 19,000 Afghans who had applied to relocate following the Taliban takeover. That mistake forced emergency relocations and left many families exposed to severe risks.
Former senior officials called the latest breach “deeply troubling,” urging the government to tighten protections for those who supported UK operations in Afghanistan.
