Ministry of Defence Staff Advised Against Data Sharing Prior to Afghan Leak

Sun Sep 14 2025 01:01:58 GMT+0300 (Eastern European Summer Time)

Confidential documents reveal Ministry of Defence staff were warned not to share data that included hidden tabs, leading to a major leak affecting thousands seeking refuge in the UK.

A significant data leak concerning nearly 19,000 Afghan applicants seeking asylum in the UK has raised serious questions about internal protocols at the Ministry of Defence. Documents from the Information Commissioner’s Office suggest staff were alerted to the risks of sharing sensitive data but failed to take the necessary precautions. Calls for accountability and improvement in data management continue amid concerns over governmental transparency and security.

The Ministry of Defence (MoD) staff were formally cautioned against sharing sensitive information containing hidden tabs prior to a major data leak that has affected nearly 19,000 Afghan applicants for relocation to the UK, according to newly released documents from the UK’s data regulator.

Last month, it was disclosed that important details regarding these individuals were exposed when a government official accidentally sent an email with a spreadsheet that included a hidden tab containing the confidential information.

The Information Commissioner’s Office (ICO) documents indicate that during the timeframe before the leak, staff raised concerns about why the MoD had not been sanctioned for this failure in data security. While the MoD stated that it worked to enhance data security measures after the incident, an ICO spokesperson pointed out that significant improvements were still needed.

As per ICO memos, there was a clear understanding that the MoD was aware of the dangers of data sharing and noted the necessity of eliminating hidden data from datasets to prevent leaks. Unfortunately, those measures were not adequately implemented.

The leak, which resulted in the UK's emergency resettlement scheme for those fearing Taliban persecution, is estimated to cost the government approximately £850 million. However, the ICO decided against imposing a fine on the MoD, raising questions about the accountability of public bodies and the reputation of the regulatory agency.

Internal communications revealed that while the ICO understood the high stakes of the leak, including the potential repercussions for both the government and the agency itself, they quietly grappled with the decision to forgo an investigation or penalties. One email reflected an ICO official’s sentiment that their rationale for not fineing the MoD was still an ‘imperfect answer,’ even as the agency moved forward with its internal assessments.

The ICO was cautious about the implications of fining the MoD, noting a fear of adding unnecessary costs to taxpayers. Furthermore, the security challenges faced due to multiple previous breaches have highlighted ongoing concerns regarding the data handling protocols within the agency.

In light of the continuing situation, MoD representatives have committed to improving data security standards, stating they are collaborating closely with the ICO while implementing recommendations to prevent similar events from reoccurring in the future.