Excerpt from EIN Article, Published on November 20, 2025
The Public Accounts Committee (PAC) strongly criticized the UK Ministry of Defence for mishandling a significant Afghan data breach. Nearly 18,700 people connected to UK operations in Afghanistan had their personal information exposed. The committee said the MoD ignored clear risks and failed to secure sensitive data. The lapse raised concerns about public trust and the safety of the individuals affected.
The committee found that the MoD stored highly sensitive details in Excel sheets uploaded to a shared SharePoint site. These files lacked strong security controls. The data first leaked in February 2022, but the MoD discovered the issue only in August 2023. The long delay highlighted internal weaknesses and poor monitoring. The PAC also noted that the MoD did not give the National Audit Office full visibility into the breach. Because of this, oversight bodies could not respond quickly or guide corrective action.
The breach placed vulnerable Afghan nationals at serious risk. Many had worked with British forces and depended on the UK for protection. The MoD created the Afghanistan Response Route (ARR) after the incident. It estimated ARR costs at £850 million. However, this figure did not include compensation or legal expenses. Committee members stated that the MoD must improve its tracking of ARR spending. They also asked the department to confirm that all Afghan resettlement schemes now use a secure casework system.
Sir Geoffrey Clifton – Brown said the department showed repeated errors in managing personal data. He stressed that the MoD must rebuild public confidence by fixing its internal systems and reporting more transparently. The committee also called for six – monthly updates on ARR progress and stronger accountability measures.
To delve deeper into this topic, Visit EIN News.
