Ministry of Defence under fire over data breach that put 2,000 people at risk

We use your sign-up to provide content in ways you’ve consented to and to improve our understanding of you. This may include adverts from us and 3rd parties based on our understanding. You can unsubscribe at any time. More info

Forces personnel, Afghan interpreters and even new army recruits were caught up in the blunders, documents show. A 40 per cent hike was recorded in the number of incidents that were so serious the watchdog had to be called in.

One breach alone involved the names and station location and newly promoted rank of 1,182 soldiers being shared outside the MoD on email and WhatsApp.

It included Special Air Service, Special Boat Service and the Special Reconnaissance Regiment personnel.

The department’s annual report also includes details of the four breaches that put at risk around 320 Afghan interpreters who were seeking relocation in Britain.

MoD officials apologised last year when it emerged that a message to those seeking assistance included email addresses for others trying to flee the country under the Afghanistan Relocations and Assistance Policy (ARAP Scheme).

The names, rank, date of birth, marital status, passport number, photographs and passwords of 263 people were affected when a computer system was infected by a virus.

Details 124 army recruitment candidates were leaked to the dark web by twitter activists, including mobile phone numbers in another breach.

It led to the Army’s recruitment website being shut down while security was improved.

Classified MoD documents containing details about HMS Defender and the British military were found at a bus stop in Kent last year in a separate incident.

Shadow Defence Secretary John Healey said the government “is failing to get a grip of security” at the Ministry of Defence. 

“From closing down the Army’s recruitment website for two months to leaving secret documents at a bus stop, security breaches are only getting worse under this Government’s watch while threats against the UK continue to rise,” he added.

“This lax approach must end immediately.” 

There were 12 incidents reported to the Information Commissioner’s Office (ICO), which protects data privacy, last year, up 40 per cent on the year before.

Overall, the figures show more than 2,500 separate data loss incidents have taken place in the last 12 years, with 592 incidents taking place in 2021/22.

The ICO is still investigating the Afghanistan relocation and assistance cases.

It said has finished the investigation into the biggest data breach in the report about personal details on a forces promotion list being shared. 

An ICO spokesman said: “The Ministry of Defence made us aware of an incident. 

“After carefully reviewing the information provided, we gave data protection advice and recommendations and closed the case with no further action.”

A Ministry of Defence spokesperson said:

“We take our information and data handling responsibilities very seriously and all incidents are investigated thoroughly.

“Following previous investigations, we have introduced further measures to prevent breaches from re-occurring, including a targeted campaign to encourage staff to report incidents, new data handling procedures and an active training programme around information security.”

Source: Read Full Article