In a striking revelation that has sent shockwaves through the British government and intelligence community, the personal details of more than 100 British officials—including spies and members of the elite Special Air Service (SAS) and MI6—were inadvertently exposed in a massive data breach linked to Afghan resettlement efforts. This breach, which also compromised the identities and sensitive information of nearly 19,000 Afghans who had applied to relocate to the UK, has triggered a secret resettlement program and raised serious questions about data security and government transparency.
The breach occurred in February 2022, just six months after the Taliban seized Kabul, when a Ministry of Defence (MoD) official mistakenly emailed a spreadsheet containing over 30,000 resettlement applications to an individual outside the government. The official believed they were sending data on only 150 people, but the error exposed a vast trove of personal information. It wasn’t until August 2023—more than a year later—that the MoD became aware of the leak after excerpts were anonymously posted on a Facebook group by someone in Afghanistan who threatened to release more data.
According to Defence Secretary John Healey, who addressed Parliament on July 15, 2025, the spreadsheet included names and contact details of applicants and, in some instances, information relating to their family members. Notably, it also contained the names of members of Parliament, senior military officers, and government officials who had supported some applications. Healey described the incident as a "serious departmental error" and acknowledged it was "just one of many data losses" related to Afghan relocation schemes.
The leak’s sensitivity was amplified by the inclusion of British special forces personnel and MI6 operatives, whose identities are typically shrouded in secrecy. Defence sources confirmed that the document contained names, email addresses, and other personal details of individuals sponsoring or linked to cases, including those who had assessed whether Afghans claiming to be part of elite units—known as the 333 and 444 Triples—were eligible for relocation. The risk of such information falling into the wrong hands sparked significant official concern.
To protect those affected, the government established a covert resettlement program called the Afghanistan Response Route (ARR). This secret scheme has already relocated approximately 4,500 Afghans and their family members to the UK, with another 2,400 expected to arrive. The estimated cost of this program stands at around £850 million, covering relocation expenses directly linked to the breach. Yet, until recently, the program and the data leak were shrouded in secrecy due to a rare "super-injunction"—a court order preventing any media coverage or even acknowledgment of the breach’s existence.
The super-injunction was initially granted in September 2023, following the MoD’s discovery of the breach. It was kept under wraps until July 15, 2025, when a High Court judge lifted the order after a government review deemed that being on the dataset alone was unlikely to make individuals targets for the Taliban. A secondary injunction that concealed the involvement of special forces and intelligence personnel was also lifted two days later, allowing media outlets to report the full extent of the breach.
The leak’s fallout has been profound. Judges warned in June 2024 that those named could face harassment, torture, or death if the Taliban obtained their information. Afghans affected by the breach have expressed feelings of betrayal and fear. One Afghan interpreter who worked with the British military told Sky News he felt "betrayed by the British government" and feared for his and his family’s safety. Recipients of government warnings were advised to avoid phone calls or messages from unknown contacts and to limit social media visibility.
Parliamentary scrutiny has intensified. The Intelligence and Security Committee (ISC), which oversees UK spy agencies, has demanded immediate access to all documents related to the breach and the super-injunction proceedings. Its chair, Lord Beamish, questioned why such sensitive material was not shared with the committee earlier, emphasizing the importance of parliamentary oversight. The Commons Defence Select Committee has also launched an inquiry into the affair.
Political repercussions continue to unfold. Shadow Defence Secretary James Cartlidge apologized on behalf of the former Conservative government, which was in power when the breach was discovered and the super-injunction imposed. Prime Minister Keir Starmer has called for answers, stating that Tory ministers have "serious questions to answer" over the secret resettlement plan. Parliamentary Speaker Lindsay Hoyle described the situation as raising "significant constitutional issues," particularly concerning the lack of parliamentary briefing and public knowledge.
The MoD has maintained a firm stance on protecting the identities of special forces personnel. A spokesperson reiterated the "longstanding policy of successive governments to not comment on Special Forces," emphasizing that security measures for personnel in sensitive roles are always in place. The Metropolitan Police concluded that no criminal investigation was warranted, and the MoD has not disclosed whether disciplinary action was taken against the official responsible for the leak.
Adding further complexity, the BBC reported that the MoD expedited the application of the individual who posted the leaked data online, bringing him to the UK—a move described by government sources as "essentially blackmail." This episode underscores the delicate balance between security, humanitarian concerns, and political pressures.
The leaked data itself was extensive, including names, email addresses, and phone numbers for thousands of Afghans who had applied under existing relocation schemes. While it did not contain addresses or photographs, some entries included detailed case notes assessing whether the applicants had indeed assisted British forces. The dataset also referenced a "secret route" for Afghans to enter the UK, highlighting the covert nature of the resettlement efforts.
Following the lifting of the super-injunction, the UK government sent messages to those affected in English, Pashto, and Dari, warning them that their personal data may have been compromised and advising caution in communications. Many remain in hiding in Afghanistan, fearing Taliban reprisals intensified by the leak.
As the story unfolds, it paints a complex picture of a government grappling with the consequences of a grave error that jeopardized the safety of both Afghan allies and British operatives. The breach has exposed vulnerabilities in data handling within the MoD and raised critical questions about transparency, accountability, and the protection of those who risked their lives alongside British forces.
With parliamentary inquiries underway and public scrutiny mounting, the full ramifications of this data breach continue to emerge. What remains clear is the profound human cost and the urgent need for robust safeguards to prevent such lapses in the future.
