MoD Shares Afghanistan Interpreter’s Emails & PII

Business Data Breach

Expert(s): ISBuzz Staff | »


The British Ministry of Defense shared email addresses and PII on more than 260 Afghan interpreters in a bulk email that was sent out to people trying to relocate to the UK. The list included people still in Afghanistan as well as some that had been able to flee the country.

Former Defense Minister Johnny Mercer told BBC Radio: “The reality is we’ve left the vast, vast majority of our interpreters behind so this is going to have a profound impact on people who are still in the country.” Mr. Wallace revealed to the Daily Mail  that the UK “has been unable to contact eight of the 260.” The email was sent to the interpreters by the team in charge of the UK’s Afghan Relocations and Assistance Policy (Arap). Apparently, some of the recipients did not notice that all of the emails were exposed, and they replied to the outreach with details of their personal situations.

Saryu Nayyar

| September 22, 2021

Saryu Nayyar, CEO, Gurucul

When we add up the costs of data breaches, rarely do we consider human lives. But that’s exactly what has the potential to happen with a UK Ministry of Defense data breach that inadvertently sent out an open email to those Afghans who collaborated with the British during the long war. Because all received the email addresses and personal information of everyone else, it is inevitable that this information will fall into the hands of those that wish them harm.

This is an inexcusable mistake by the Ministry of Defense, and no amount of advice on managing risks can make up for it. We should treat all correspondence as if those people’s lives will depend on getting it right. Not doing so normally is simply an error in judgment, but in this case, it has life-threatening consequences.


| September 22, 2021

Garret F. Grajek, CEO, YouAttest

No better story that exemplifies that data is life – and lives are at stake. Like the Colonial pipeline IT breach – if an enterprise’s data and resources are compromised – lives can be at risk. The sad part is the best practices for cybersecurity have been detailed and most cyber incidents can be avoided if these practices are followed.

It doesn’t matter if the guidelines are the NIST Cyber security framework 800-53, which is the general guideline for cybersecurity put out by the U.S. Department or commerce – or the new NIST 800-171 which details best practices to secure data for defense contractors – the best practices are known, documented and communicated. The rush to deployment of resources – often leaves many of these steps ignored.  Unfortunately, to our own peril.


| September 22, 2021

Doug Britton, CEO, Haystack Solutions

Even with the most sophisticated network defense available, security compromises can happen in seemingly innocent ways. This is a serious reminder that we need to invest in cyber security training and talent. As a community, we need to improve the way communications and sensitive data is handled or we will continue to face these kinds of issues.

MoD Shares Emails & PII
External Link: MoD Shares Afghanistan Interpreter’s Emails & PII

Share this page:

Related Posts