Defence Secretary John Healey has offered a "sincere apology" on behalf of the British Government for a massive data breach which exposed details of Afghans who helped British troops. Shadow defence secretary James Cartlidge also apologised on behalf of the former Conservative government, who were in power when the leak occurred and when it was discovered more than a year later.
Their apologies came after a superinjunction was lifted on Tuesday, which had prevented the media from reporting the data breach. Healey told the Commons: "This serious data incident should never have happened."
Government offers formal apology
"It may have occurred three years ago under the previous government, but to all those whose information was compromised, I offer a sincere apology today on behalf of the British Government, and I trust the shadow defence secretary, as a former defence minister, will join me," Healey said. Cartlidge, who was a minister in August 2023 when the then-government became aware of the data breach, mirrored this sentiment.
He said: "The Secretary of State has issued an apology on behalf of the Government and I join him in that and in recognising that this data leak should never have happened and was an unacceptable breach of all relevant data protocols." The Conservative MP added that he agreed it was right that an apology was issued specifically to those whose data was compromised.
Nearly 19,000 people affected
A dataset containing the personal information of nearly 19,000 people who applied for the Afghan Relocations and Assistance Policy (Arap) was released "in error" in February 2022 by a defence official. Arap was responsible for relocating Afghan nationals who had worked for or with the UK Government and were therefore at risk of reprisals once the Taliban returned to power in Kabul in 2021.
The Ministry of Defence (MoD) only became aware of the breach over a year after the release, when excerpts of the dataset were anonymously posted onto a Facebook group in August 2023. The Government sought a court order to prevent details of the breach being published and was granted a superinjunction, which also stopped the fact an injunction had been made from being reported.
Secret relocation scheme created
The leak resulted in the creation of a secret Afghan relocation scheme - the Afghanistan Response Route (ARR) - in April 2024. Between 80,000 and 100,000 people, including family members of the Arap applicants, were affected by the breach and could be at risk of harassment, torture or death if the Taliban obtained their data, judges said in June 2024.
However an independent review, commissioned by the Government in January 2025, concluded last month that the data loss was "unlikely to profoundly change the existing risk profile of individuals named". Around 4,500 people, made up of 900 Arap applicants and approximately 3,600 family members, have been brought to the UK or are in transit so far through the Afghanistan Response Route.
£850 million projected cost
A further estimated 600 people and their relatives are expected to be relocated before the scheme closes, with a total of around 6,900 people expected to be relocated by the end of the scheme. The ARR is understood to have cost around £400 million so far, with a projected cost of around £850 million, once completed.
Healey told MPs that he had been "deeply uncomfortable to be constrained from reporting to this House" as he referred to the superinjunction, which was made at the High Court in September 2023 to reduce the risk of alerting the Taliban to the existence of the data breach. He added that the safety of Afghans who were at risk from the leak had weighed "heavily" on him.
Steps taken to prevent recurrence
The Defence Secretary said: "I would have wanted to settle these matters sooner, because full accountability to Parliament and freedom of the press matter deeply to me. They're fundamental to our British way of life." He explained that lives may have been at stake, adding: "So this weighs heavily on me, and it's why no Government could take such decisions lightly, without sound grounds and hard deliberations."
He assured MPs that the MoD has taken steps to prevent another such data breach happening again. Healey said: "This data leak was just one of many from the Afghan schemes at the time."
New security measures implemented
"And what I can say is that since the election, in this last year, we as a Government have appointed a new chief information officer," he told the Commons. "We have installed new software to securely share data, and we have also completed a comprehensive review of the legacy Afghan data on the casework system."
The minister said "one can never say never", but added that he is "more confident than I was 12 months ago about the reduced risk of data losses and data breaches in future". Chairman of the defence committee Tanmanjeet Singh Dhesi told the Commons: "This whole data breach situation is a mess and is wholly unacceptable."
The Labour MP added that he is "minded to recommend to my defence committee colleagues that we thoroughly investigate, to ascertain what has actually transpired here, given the serious ramifications on so many levels".
(PA) Note: This article has been edited with the help of Artificial Intelligence.
