Afghan Citizen’s Data Exposed in Second MoD Breach
Reading Time: 2 minutes

More Afghan citizen’s data was exposed after the UK’s Ministry of Defence (MoD) suffered its second data breach. The exposed data may be misused by the Taliban forces against the Afghani nationals.

Mod earlier apologies for sending an email leading to exposing data of more than 250 Afghan interpreters working for the British forces while the Taliban occupied the country. The data leaked consisted of their email addresses, names, and LinkedIn profile images, putting them at risk of reprisals from the Taliban, now in charge of Afghanistan after the British troops kept them out for 20 years.

According to BBD, the second data breach involves data information of Afghan citizens eligible to relocate to the UK. The MoD by mistake sent an email earlier this month with information of dozens of people copied mistakenly. It consisted of the email addresses and names of 55 Afghanis, this includes people from the Afghan National Army. The contents of the email informed the receiver that UK relocation officials had been unable to contact them and requested updated details.

In its apology, MoD said it was offering extra support to those affected. A department spokeswoman was quoted as saying: “We have been made aware of a data breach that occurred earlier this month by the Afghan Relocation and Assistance Policy (Arap) team. This week, the defense secretary instigated an investigation into data handling within that team. Steps have now been taken to ensure this does not happen in the future.”

Wouter Klinkhamer, CEO at Zivver said: “The Afghanistan/MoD data leak news is a stark reality of what can happen when digital communications are not safeguarded. This is an extreme example, of course, where the data breach is potentially life-threatening. Still, all business leaders need to sit back and review how sensitive information is being shared and what support their workforce has to communicate securely. Commonly, incidents such as this result from human error (verified by the UK’s ICO) — an employee inadvertently selecting ‘Cc’ instead of ‘Bcc’ before sending the email. However, we’re all human, we all make mistakes — organizations need to focus on how they can empower their individuals to be able to share information securely when they need it, with confidence and with ease to avoid a potentially damaging situation.”

Related Articles:

New Nagios Software Bugs Can Allow Hackers to Compromise your IT Infrastructures
CloudSEK Payment API Vulnerabilities Exposed Millions of Users
Europol Busts A Major Crime Ring more Than 100 Online Fraudsters Arrested