A contractor linked to the UK Ministry of Defence has been hit by a cyber-attack, exposing personal data linked to Afghan resettlement efforts. It is the latest in a series of breaches involving the private information of Afghan refugees.
The breach at Inflite The Jet Centre Ltd, a company that provides ground services for flights linked to the UK’s defence ministry and the Cabinet Office, has exposed the personal data of up to 3,700 people, including Afghans seeking refuge as part of the Afghan Relocations and Assistance Policy.
All the individuals affected by the breach flew into London Stansted airport between January and March 2024.
The leak may have also released the information of civil servants, soldiers on routine exercises and journalists.
In a statement on its website, Inflite The Jet Centre Ltd confirmed that a data breach had occurred involving “access to a limited number of company emails”.
The company said the incident had been reported to the Information Commissioner’s Office, and that it was working with the National Crime Agency and the National Cyber Security Centre on its investigation.
“We believe the scope of the incident was limited to email accounts only, however, as a precautionary measure, we have contacted our key stakeholders whose data may have been affected during the period of January to March 2024”, the statement said.
It isn’t yet clear who carried out the cyber-attack on the company’s databases but a message was sent to the affected people warning them of the breach.
A government spokesperson said: “We were recently notified that a third-party sub-contractor to a supplier experienced a cybersecurity incident involving unauthorised access to a small number of its emails that contained basic personal information.
“We take data security extremely seriously and are going above and beyond our legal duties in informing all potentially affected individuals.
“The incident has not posed any threat to individuals’ safety, nor compromised any government systems.”
The data is not believed to have been leaked to the dark web or made public.
In February 2022, a separate breach by a defence official disclosedthe personal data of 18,714 Afghans who had worked with British forces. The UK high court granted a superinjunction to the Tory government in 2023 to suppress information related to the breach, for which the Labour defence secretary, John Healey, later issued an apology.
