MoD data breaches put nearly 2,000 people at risk

The shadow defence secretary has accused the Ministry of Defence (MOD) of having “lax” security practices after nearly 2,000 individuals had personal information exposed in data breaches in the last 12 months.

Those who saw their data exposed include serving armed forces personnel, Afghan interpreters who worked for British forces, and new army recruits. The MoD saw a 40% increase in data breaches in the past year, with many incidents passing the threshold for reporting to the Information Commissioner’s Office (ICO).

Annual report highlights severity of data breaches

These figures have come to light via the MoD’s annual report, which outlines details of the most severe breaches, which include:

  • A data breach that saw the name, station, and rank of 1,182 newly promoted personnel shared via group emails and WhatsApp.
  • Four data breaches exposing the details of more than 250 Afghan interpreters looking to relocate to the United Kingdom under the Afghan Relocations and Assistance Policy.
  • A breach that saw the personal information of 124 potential recruits leaked onto the dark web, which saw the Army’s recruitment platform taken offline for some time.

John Healey, Labour’s shadow defence secretary, said the government “is failing to get a grip of security” at the MoD.

Healey said: “From closing down the Army’s recruitment website for two months to leaving secret documents at a bus stop, security breaches are only getting worse under this Government’s watch while threats against the UK continue to rise.

“This lax approach must end immediately.”

Some incidents remain under ICO investigation

The MoD’s report highlighted that it had notified the ICO of 12 data breach incidents in the past year. The report also highlights that the MoD has suffered 2,500 “data loss incidents” since 2010, with 592 occurring in 2021/22 alone.

The ICO is still investigating the data breaches involving the personal data exposure of the Afghan nationals seeking relocation to the UK.

In April this year, the ICO concluded that no further action was needed following the recruitment data incident. The ICO has come to the same conclusion having completed its investigation into the breach affecting the 1,182 newly promoted personnel.

An ICO spokesperson said: “The Ministry of Defence made us aware of an incident.

“After carefully reviewing the information provided, we gave data protection advice and recommendations and closed the case with no further action.”

An MoD spokesperson said: “We take our information and data handling responsibilities very seriously and all incidents are investigated thoroughly.

“Following previous investigations, we have introduced further measures to prevent breaches from re-occurring, including a targeted campaign to encourage staff to report incidents, new data handling procedures and an active training programme around information security.”

If you’ve been affected by a data breach, LawPlus Solicitors can help you

Learn more about how we can potentially help you if you’ve been affected by a data breach, or complete our contact form on this page to get a free, no-obligation assessment of your claim.

Image Credit: under the Open Government Licence version 1.0.

Get in Touch

Fill in the form below to tell us your details, and we’ll get started.