Major Afghan data breach investigated by ICO ‘in a few unrecorded meetings and a handshake’, MP says

The investigation into the Ministry of Defense’s Afghan data breach was resolved through “a few off-the-cuff meetings and handshakes”, an MP has claimed in a scathing assessment of the regulator’s role in the scandal.
The disastrous breach exposed details of thousands of Afghans who were seeking to flee to Britain and who said they were in danger from the Taliban because of their links to UK forces. The leak, which occurred when a spreadsheet containing 33,000 lines of data was emailed to someone outside the government, triggered a massive secret evacuation program.
The truth of what happened was only revealed after a court battle that lasted almost two years, in which national media, including The Independent, challenged an unprecedented injunction.
The UK’s data regulator, the Information Commissioner’s Office (ICO), which was responsible for investigating the Ministry of Defense’s response to the leak, chose not to launch a formal investigation into what went wrong. This decision was met with criticism after the breach was revealed. The ICO was one of the few official bodies aware of the leak; the public and MPs were kept in the dark for nearly two years.
It has now emerged that the ICO took no contemporaneous notes on its decision not to launch a formal investigation into the devastating data loss, claiming officials did not record anything because of the security classification of the information, which one MP said was “spread like confetti”.
Information Commissioner John Edwards told MPs on the science, innovation and technology committee on Tuesday that the ICO had not formally investigated but had confidence in the “integrity” of MoD officials.
He said the ICO held occasional meetings with MoD officials and “will convey its observations on lines of inquiry”, adding: “I understand these are gratefully received”. The ICO ruled in June 2024 that the Ministry of Defense had done enough to ensure bad data practices did not happen again.
Conservative MP Kit Malthouse said he was surprised there was no official investigation given the seriousness of the breach. He told Mr Edwards: “You told us broadly that it was about a few off-the-record meetings and a handshake. See you, nothing to see here.”
“It seems to me extraordinary given its seriousness and impact… The picture you paint of the way the ICO has handled this looks worrying”.
Dr Lauren Sullivan MP added: “The way you investigate appears to depend heavily on the integrity of the person you are investigating.”
Mr Edwards said the ICO had tools it could use to investigate government departments, but they were not necessary in this case as no formal investigation had been launched.
He explained: “We did not investigate, yes we were relying on honesty. If we found out later that we were misled, we could have investigated.”
Dame Chi Onwurah MP, chair of the science committee, said: “When I saw some of the details of the Ministry of Defense data breach, I was surprised that it could have been part of the government’s data enforcement. 33,000 lines of Excel files containing top-secret information were floating around like confetti. This was not an individual failure… it was an institutional failure.”
She said she was not reassured by assurances that the MoD was “finally taking action” on poor data procedures, and that the failures occurred under the watchful eye of the information commissioner.
Mr Edwards admitted the ICO did not have enough staff with the advanced security vetting needed to handle top-secret information, but said this would not have mattered in this case as the regulator had decided not to launch an investigation.
He told MPs: “We are able to investigate top secret matters. We chose not to do that because it would tie up resources that could be better used elsewhere.”
He said the ICO was conducting a formal investigation into a smaller data loss in the same Ministry of Defense department, in which a mass email was sent to 245 Afghans working with the UK government.
Mr Edwards said that when the massive Afghan data leak was reported to the ICO “we are confident that the department took it seriously”.




