Data Breach Exposed 3,700 Individuals, Including Afghan Troops, British Civil Servants
Published on August 18, 2025
- Third party: A subcontractor handling flights for the British Ministry of Defense announced unauthorized email account access.
- Who was impacted: It is believed that up to 3,700 military personnel and civil servants are at risk.
- What was exposed: Inflite The Jet Centre leaked sensitive personal information, possibly including passport details.
A data breach involving up to 3,700 individuals, including Afghan troops, British civil servants, and military personnel, has been reported. The breach, tied to Stansted-based Inflite The Jet Centre Ltd, came to light following unauthorized access to company email accounts.
Inflite, which provides ground-handling services under a contract linked to the Ministry of Defence (MoD) and the Cabinet Office, acknowledged the “unauthorized access to a limited number of company emails.”
Key Details of the Breach
According to official reports from ITV, the breach was limited to email accounts and occurred between January and March 2024. While the compromised data mainly includes basic personal information, Inflite The Jet Centre said the 3,700 individuals impacted by the cyber incident were notified as a precaution.
Potential victims include:
- Afghans who were brought to the U.K.
- troops traveling to routine military exercises
- journalists accompanying ministers on official engagements
Among the affected parties may also be Afghans relocated to the U.K. under the Afghan Relocations and Assistance Policy (ARAP), a separate notification reported in The Independent and The Times suggested, cited by ITV.
The data breach has also raised concerns about the possible exposure of other sensitive details, such as visa information and passport data, according to the PA news agency cited by ITV, which mentioned that the HM Passport Office said compromised passport details would not be exploitable without the physical documents.
The Cabinet Office assured the public that there is no evidence to suggest the data has been shared on the dark web or released publicly.
Official Response and Security Steps
A Government spokesperson emphasized that this incident did not compromise governmental systems or pose imminent safety risks. “We were recently notified that a third-party subcontractor to a supplier experienced a cybersecurity incident involving unauthorised access to a small number of its emails that contained basic personal information,” the spokesperson said.
Meanwhile, TechNadu reported in July that the government admitted that 18,714 Afghan collaborators had their data leaked in a February 2022 data breach that also exposed 100 British MI6 and SAS officials.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular