Thousands of Afghans Relocated to UK Under Secret Program Following Major Data Breach
Thousands of Afghan nationals have been secretly resettled in the UK under a classified government scheme established in response to a significant data breach, it has now been revealed.
The breach occurred in February 2022 when a Ministry of Defence (MoD) official accidentally leaked the personal information of nearly 19,000 Afghans who had applied for relocation to the UK after the Taliban’s return to power. The previous government only became aware of the breach in August 2023, when parts of the data appeared on Facebook.
In response, the government quietly launched a new resettlement initiative nine months later to assist those whose data had been exposed. So far, the scheme—officially titled the Afghan Relocation Route—has facilitated the arrival of approximately 4,500 Afghans to the UK.
However, both the breach and the subsequent relocations were kept under wraps through the use of a super-injunction, which prevented any public disclosure. This secrecy remained until a High Court ruling on Tuesday lifted the gagging order, making the details of the breach and government response publicly accessible for the first time.
The leaked information reportedly included names, contact details, and family relationships, putting individuals at potential risk of harm from the Taliban. Among those affected were senior military officials, MPs, and government personnel.
On Tuesday, Downing Street declined to comment on whether the MoD official responsible for the breach had faced disciplinary action. A spokesperson stated they would not comment on individual cases.
Further details released by the government include:
- The MoD believes 600 Afghan soldiers and around 1,800 of their relatives included in the leak are still in Afghanistan.
- While the Afghan Relocation Route is now being wound down, those already offered resettlement will still be relocated.
- The scheme has already cost £400 million and is expected to incur an additional £400–£450 million.
- The breach resulted from an MoD employee mistakenly sending a spreadsheet via unauthorised channels.
- Affected individuals were only notified of the breach on Tuesday.
Defence Secretary John Healey issued a formal apology in the House of Commons, describing the incident as a “serious departmental error.” He explained that the spreadsheet had been emailed outside secure government systems. While the breach was classified as one of several data losses during the Afghan evacuation, the Metropolitan Police determined a criminal investigation was unnecessary.
Conservative Party leader Kemi Badenoch also apologised, telling LBC that the exposure of names was a “terrible mistake” and offering her party’s regrets.
A 2024 High Court ruling, disclosed on Tuesday, highlighted concerns that Taliban infiltrators or sympathisers may have viewed the leaked information in Facebook groups. Initial fears estimated that as many as 100,000 people could be at risk due to direct or familial links to those named in the document.
However, an MoD-commissioned review later concluded it was “highly unlikely” anyone was targeted solely based on the data leak, and that the spread of the information may have been more limited than initially feared. The review nonetheless described the Afghan Relocation Route as a “highly significant intervention” in light of the potential threat.
Those affected by the breach have been advised via email to take precautions—such as safeguarding their online activity and avoiding unknown communications—to protect themselves from possible threats.
Healey confirmed that all individuals resettled under the scheme have already been counted in the UK’s immigration statistics.
‘Unprecedented’ Secrecy Over Afghan Data Breach Sparks Accountability Concerns
The revelation on Tuesday surrounding the UK government’s secret Afghan relocation scheme traces back to the chaotic aftermath of the U.S. military withdrawal from Afghanistan in August 2021, when the Taliban swiftly seized control of Kabul.
The data breach involved the personal details of thousands of individuals who had applied for the (ARAP)—a scheme introduced by the UK government to expedite the resettlement of Afghans facing potential Taliban reprisals.
The evacuation effort ultimately brought around 36,000 Afghans to the UK, but has since come under sharp criticism. A 2022 report by the Foreign Affairs Committee labelled the operation a “disaster” and a “betrayal” due to poor planning and execution.
Following the discovery of the data breach in 2023, the government created a new resettlement scheme. However, when media outlets became aware of the situation, the government sought a legal injunction to suppress reporting. The High Court granted a super-injunction—a rare legal tool that not only prevented any coverage of the leak, but also barred the press from revealing the existence of the injunction itself.
Defence Secretary John Healey, who was shadow defence secretary at the time, told Parliament he had been prevented from speaking publicly due to the “unprecedented” nature of the court order. He said he was unaware of any other case where such a broad gagging order had been issued.
Delivering a summary of his ruling, Mr Justice Chamberlain noted the order raised “serious free speech concerns.” He said the super-injunction effectively disabled the “ordinary mechanisms of accountability that operate in a democracy,” creating what he described as a “scrutiny vacuum.”
Court documents revealed that then-Defence Secretary Ben Wallace had personally applied for the injunction, arguing it would buy the government time to protect those whose lives may have been endangered by the breach. The order was extended in November 2023, partly due to fears that the Taliban may not yet have known about the leak.
However, Mr Justice Chamberlain lifted the gag this week, citing an internal Ministry of Defence (MoD) review that concluded the Taliban “likely already possess the key information” in the leaked dataset. The judgment also found that officially acknowledging the breach was “unlikely” to significantly increase the risks faced by those impacted.
Shadow Defence Secretary James Cartlidge, who was in government when the secret relocation programme was launched, condemned the breach as a “completely unacceptable failure of data protocols.”
Erin Alcock, a solicitor at Leigh Day—a legal firm representing hundreds of ARAP applicants and their families—described the situation as a “catastrophic failure.”
In a separate incident, the government recently confirmed that it has begun offering compensation to Afghans affected by another, unrelated data breach.