The UK’s Information Commissioner’s Office (ICO) has imposed a £350,000 fine on the Ministry of Defence (MoD) for a significant data breach.
According to the statement posted on the UK Information Commissioner’s Office website, “The incident, which occurred during the chaotic Afghan evacuation after the Taliban’s 2021 takeover, involved the accidental disclosure of personal details of 245 Afghan nationals eligible for evacuation.”
The statement added, “The breach, caused by an email error, potentially endangered lives by exposing sensitive information to potential Taliban access. The MoD has since implemented new measures to prevent future breaches and cooperated fully with the ICO’s investigation. This penalty underscores the necessity of stringent data protection practices, especially in high-risk situations.”
The original email, issued by the team overseeing the UK’s Afghan Relocations and Assistance Policy (ARAP), was crucial in its context and purpose. This team is dedicated to aiding the relocation of Afghan nationals who have been associated with the UK Government in Afghanistan. The sensitive nature of the data within this email was significant; if it had been intercepted by the Taliban, it could have posed a serious threat to the lives of those involved.
After the data breach, the MoD advised affected individuals to delete the email, change their email addresses, and provide new details via a secure form. They also reached out to the ARAP team.
Additionally, the MoD conducted an internal investigation, addressed Parliament regarding the breach, and improved ARAP’s email protocols. This included a new policy requiring emails to external recipients to be reviewed by a second staff member for extra security.
Acknowledging the MoD’s response and the ARAP team’s challenges, the ICO reduced the fine from £1,000,000 to £700,000, then to £350,000 under public sector policy, as a deterrent for future data breaches.
According to the British Government, from the Taliban’s takeover until the end of March 2023, approximately 24,600 people, including British nationals, arrived in the UK from Afghanistan.
Approximately 21,000 of these were resettled through various schemes. About 2,000 arrived before Operation Pitting, 15,000 during the operation, and 7,000 have arrived since.
The post UK Ministry of Defence fined £350,000 for data breach during Afghan nationals’ evacuation appeared first on Khaama Press.