BBC News
PAThe Ministry of Defence offered to expedite the review of a rejected resettlement application of an Afghan national after he posted sensitive details from a data breach on Facebook, the BBC understands.
The man published nine names from a dataset containing details of thousands of Afghans who applied to be relocated to the UK after the Taliban seized power, and indicated he could release the rest.
He obtained the details after they were sent out from UK Special Forces headquarters in an accidental data breach in February 2022.
British authorities tracked the man down and strongly requested he take the data down, offering an expedited review of his rejected resettlement application in return.
The BBC understands the man is now in the UK, having had his rejected application overturned. He is not believed to be facing any criminal charges in relation to his conduct.
Government sources close to the process told the BBC the individual had essentially blackmailed his way into the country using the leaked dataset.
When asked about the actions of the individual and his subsequent relocation to the UK, the MoD declined to comment on the case.
A spokesperson said “anyone who comes to the UK under any Afghan relocation schemes” must go through “robust security checks in order to gain entry”.
The BBC has also approached the Met Police for comment.
Getty ImagesJohnny Mercer, the former veterans minister, who was covered by the super-injunction because of his knowledge of the events, told the BBC the breach was representative of the “chaos” around the relocation process, and the individual brought to the UK had used the data to get in.
“He put the names on Facebook and essentially bribed the MoD to get in the country. The Ministry of Defence offered to expedite his case and next thing you know he’s in the UK,” Mercer said.
“There were multiple data leaks from the MoD regarding these applications. I think that gives you some sense of the chaos and lack of care in how things were being run at that time.”
The breach occurred in February 2022 after someone working in UK Special Forces (UKSF) headquarters accidentally emailed the personal data of every applicant to the UK’s Afghan resettlement scheme to date – nearly 19,000 people – to someone outside government.
The data was sent to an Afghan person living in the UK, who passed the information onto others, including people in Afghanistan. One individual in Afghanistan, after having his application rejected, posted some of the data on Facebook.
Alerting a defence minister to the presence of the data on Facebook in August 2023, an MoD case worker helping people seeking relocation called the possibility the Taliban might get hold of it “bone-chilling”.
The data came from the Afghan Relocations and Assistance Policy (Arap) resettlement scheme, set up in 2021 as the Taliban seized control of Afghanistan.
It was highly sensitive because Afghan nationals who worked with the British government during the conflict with the Taliban were at risk of serious harm and even execution with the group back in power.
The breach led to the previous government setting up a secret £850m emergency resettlement scheme to bring some of those in the database to the UK.
Both the breach and subsequent scheme were kept secret by an unprecedented super-injunction, until it was lifted by High Court judge Mr Justice Chamberlain on Tuesday.
The emergency scheme – known as the Afghanistan Response Route and set up in April 2024 – has resulted in about 4,500 Afghans being brought to the UK so far, with a further 2,400 expected.
The government announced this week the scheme was being closed down, but said relocation offers already made to those who remain in Afghanistan would be honoured.
Special forces veto had role in breach
The UKSF official who inadvertently leaked the data was assisting with the verification of a small number of applications from Afghan special forces when the accidental breach occurred.
The official was in possession of the full dataset because UKSF – the umbrella group containing the SAS and SBS – was given a secret veto over Arap applications from former members of Afghan special forces.
The BBC revealed last year that UKSF had used that veto to block hundreds of Afghan commandos who had fought alongside the SAS and SBS from relocating to the UK.
Documents obtained by Panorama showed special forces had rejected applications despite some containing compelling evidence of service alongside the SAS on dangerous night raid operations.
The personal information of many of those Afghan special forces were included in the massive data breach revealed this week.
But sources told the BBC they were sidelined in the emergency evacuation process and their cases were essentially paused, while case workers were instructed to prioritise people who had worked on British military bases for urgent evacuation.
Downing Street refused to say on Tuesday whether the UKSF official who accidentally leaked the data had faced disciplinary action. The BBC has confirmed he is no longer in the post he occupied at the time of the breach.
The MoD refused to comment on how many applicants affected by the breach had been harmed by the Taliban in the years since it happened. It said some of those whose data was compromised by the breach were not informed until after the lifting of the super-injunction.
Defence Secretary John Healey told the BBC on Wednesday he was “unable to say for sure” that no Afghans were killed as a result of the data breach, and the Taliban would “almost certainly” have held the same type of information.
Speaking in the Commons on Tuesday, he offered a “sincere apology” to those whose details had been included in the breach, which he described as a “serious departmental error” and a “clear breach of strict data protection protocols”.
Healey told MPs an independent review had found it was “highly unlikely” an individual would have been targeted solely because of the breach.
In a 2024 High Court judgement made public on Tuesday, Mr Justice Chamberlain said it was “quite possible” that some of those who saw parts of the leaked document in a Facebook group “were Taliban infiltrators or spoke about it to Taliban-aligned individuals”.
Erin Alcock, a lawyer for the firm Leigh Day, which has assisted hundreds of Arap applicants including dozens of former Afghan commandos, said the breach represented a “catastrophic failure” of the government to “protect the personal information, and therefore the safety, of what is an extremely vulnerable group of individuals”.
Do you have information about this story that you want to share?
Get in touch using SecureDrop, a highly anonymous and secure way of whistleblowing to the BBC which uses the TOR network.
Or by using the Signal messaging app, an end-to-end encrypted message service designed to protect your data.
SecureDrop or Signal: 0044 7714 956 936
Please note that the SecureDrop link will only work in a Tor browser. For information on keeping secure and anonymous, here’s some advice on how to use SecureDrop.
It’s proved a really important way for people to get in touch with us in the past.
