Data Breach Exposes 100 British MI6 and SAS Officials and Thousands of Afghan Collaborators

• What happened: A Special Forces headquarters email containing relocation details for Afghans was sent to the wrong recipient.
• People impacted: The leak exposed the personal details of 100 British officials and 30,000 Afghan collaborators.
• Lives at risk: Until now, the identities of 19,000 Afghans were posted on Facebook by someone in Afghanistan.

The extensive fallout from a significant British data breach involving MI6, SAS operatives, and Afghan allies, affecting sensitive military and intelligence data, was unveiled due to a newly lifted High Court injunction.

The British Ministry of Defence (MoD) covertly established a resettlement scheme for those affected, known as the Afghanistan Response Route (ARR), without informing the individuals about the breach, which raised critical concerns about cybersecurity and accountability.

Timeline of the Data Breach  

The breach occurred in February 2022, stemming from an accidental email from the U.K. Special Forces headquarters in London that sent over 30,000 Afghan relocation applications to an external recipient. 

On Wednesday, the government admitted that 19,000 Afghans had their data leaked in the context of their collaboration with the British during the 20-year war in Afghanistan and U.K. resettlement applications.

While this leak initially went unnoticed, in August 2023, someone in Afghanistan who had obtained the data leaked part of it on Facebook, putting lives at risk. The MoD imposed a super-injunction to suppress details and expedited the review of the individual's resettlement application.

The breach also uncovered personal details of more than 100 British officials, including MI6 agents and SAS operatives. The MoD set up the ARR resettlement program in April 2024, relocating over 4,500 individuals and planning to assist an additional 2,400.  

Impact and Government Response  

MI6 is the UK's foreign intelligence agency, focused on overseas intelligence gathering. The SAS is an elite British Army special forces unit, specializing in counter-terrorism and reconnaissance.

The data breach impacting personnel from these critical defense and intelligence bodies, alongside Afghan collaborators, highlights severe vulnerabilities.

Concern persists about Taliban retaliation against Afghans listed. Families in Afghanistan report intensified threats amid fears for their relatives' safety.  

The government branded this data breach a "serious departmental error." The creation of a rapid-response program underscored its urgency, but the shadow defense secretary criticized previous administrations for systemic failures.  

Lessons and Implications  

The British data breach draws concern over its data handling, especially in high-risk geopolitical contexts. 

Meanwhile, the U.S. Army National Guard was hacked by China’s Salt Typhoon for nearly a year, accessing administrator credentials, network traffic diagrams, maps, and employee PII.