London (Reuters) – The British data regulator said on Wednesday it had fined the defence ministry for a series of email data breaches that revealed details of over 265 Afghans who were seeking relocation to Britain after the Taliban took control of Afghanistan.
The Information Commissioner’s Office (ICO) said it had fined the Ministry of Defence (MoD) 350,000 pounds, saying the department did not have operating procedures in place to ensure group emails had been sent securely to the Afghan nationals who had worked for or with the British government.
“This deeply regrettable data breach let down those to whom our country owes so much,” Information Commissioner John Edwards said in the statement.
“While the situation on the ground in the summer of 2021 was very challenging and decisions were being made at pace, that is no excuse for not protecting people’s information who were vulnerable to reprisal and at risk of serious harm.
Ben Wallace, who was defence minister at the time, had already issued an apology in front of the British parliament and launched an investigation into the breach.
The MoD said it recognised the severity of the issue and repeated that apology, adding that it would set out further details on the measures it was implementing to address the ICO’s concerns in due course.
The department had sent an email to a distribution list of Afghan nationals eligible for evacuation on Sept. 20, 2021 with all applicants copied, causing the personal information of 245 people to be inadvertently disclosed, the ICO said.
The MoD’s own probe found two other similar breaches during the same month, compromising 265 email addresses in total, the ICO said, adding that the data disclosed could have resulted in a threat to life if it had fallen into the hands of the Taliban.