Thousands of Afghans who were brought to the UK for safety have had their personal data exposed after a Ministry of Defence (MoD) sub-contractor suffered a cyber-security breach.
The breach affected Inflite The Jet Centre, a private company that provides ground-handling services for flights at London Stansted Airport. According to officials, the names, passport information, and Afghan Relocations and Assistance Policy (Arap) details of up to 3,700 Afghans may have been compromised.
The Arap scheme was set up to help Afghans who worked alongside British forces and their families resettle in the UK after the Taliban regained control of Afghanistan in 2021. Many of those under the programme are considered at risk of reprisals from the Taliban due to their past association with UK and allied forces.
The Ministry of Defence confirmed the breach, but insisted that it had not endangered individuals. “This incident has not posed any threat to individuals’ safety, nor compromised any government systems,” a spokesperson said.
The exposure has nonetheless raised concerns, given the sensitivity of the information involved and the vulnerability of those affected. The MoD has said it is working with the company to investigate the incident and ensure that further safeguards are put in place.
The revelation comes just weeks after it emerged that a separate data breach in 2022 had exposed the personal details of nearly 19,000 Afghans who had applied to come to the UK. That earlier breach had already fuelled criticism over the government’s handling of personal data linked to vulnerable individuals.
Security experts say that repeated breaches of this kind risk undermining confidence in government-run resettlement programmes. “For people whose lives may already be in danger, any compromise of personal information could have serious consequences,” said one cyber-security analyst.
Campaigners have called for stronger oversight of contractors handling sensitive information, pointing out that outsourced companies often operate with weaker safeguards than government systems. “The individuals affected by this breach are not just numbers on a database — they are people who trusted the UK with their safety,” one refugee rights group said in a statement.
Inflite The Jet Centre has not yet issued a public comment, but is understood to be cooperating fully with the MoD’s inquiry. The company is also expected to notify regulators, including the Information Commissioner’s Office (ICO), which oversees data protection in the UK.
With Afghan evacuees already facing uncertain futures, the latest breach is likely to reignite debate over the government’s responsibility to ensure their safety — not only on UK soil but also in the handling of their most sensitive information.
