Almost 7,000 Afghan nationals are being relocated to the UK following a massive data breach by the British military that successive governments tried to keep secret with a superinjunction.

The blunder exposed the personal information of close to 20,000 individuals, endangering them and their families – with as many as 100,000 people impacted in total.

The UK only informed everyone on Tuesday – three-and-a-half years after their data was compromised.

Politics latest: Minister sorry after ‘extraordinary secrecy’ concealed data leak

The Ministry of Defence (MoD) said the relocation costs alone directly linked to the data breach will be around £850m. An internal government document from February this year said the cost could rise to £7bn, but an MoD spokesperson said that this was an outdated figure.

However, the total cost to the taxpayer of existing schemes to assist Afghans who are deemed eligible for British support, as well as the additional cost from the breach, will come to at least £6bn.

In addition, litigation against the UK arising from the mistake could add additional cost, as well as whatever the government has already spent on the superinjunction.

Details about the blunder can finally be made public after a judge lifted the injunction that had been sought by the government.

Barings Law, a law firm that is representing around 1,000 of the victims, accused the government of trying to hide the truth from the public following a lengthy legal battle.

Defence Secretary John Healey offered a “sincere apology” for the data breach in a statement to MPs in the House of Commons on Tuesday afternoon.

He said he had felt “deeply concerned about the lack of transparency” around the data breach, adding: “No government wishes to withhold information from the British public, from parliamentarians or the press in this manner.”

The previous Conservative government set up a secret scheme in 2023 – which can only now be revealed – to relocate Afghan nationals impacted by the data breach but who were not eligible for an existing programme to relocate and assist individuals who had worked for the British government in Afghanistan.

Some 6,900 Afghans – comprising 1,500 people named on the list as well as their dependents – are being relocated to the UK as part of this programme.

This comes on top of the many thousands more who are being moved until the Afghan Relocation and Assistance Policy (ARAP). A lot of these individuals are also caught up in the data breach.

The Times, which has been battling the injunction, said a total of 18,500 people have so far been relocated to the UK, including those directly impacted plus their dependents.

Read more:
‘My family is finished’: Afghan man in UK military data breach says he feels betrayed
Analysis: Retreat from Afghanistan began as a farce, then it was a scandal, now it’s a cover-up

👉 Listen to Sky News Daily on your podcast app 👈

Some 5,400 more Afghans who have already received invitation letters will be flown to the UK in the coming weeks, bringing the total number of Afghans affected by the breach being brought to the UK to 23,900. The rest of the affected Afghans will be left behind, the newspaper reported.

How did the data breach happen?

The disaster is thought to have been triggered by the careless handling of an email that contained a list of the names and other details of 18,714 Afghan nationals. They had been trying to apply to a British government scheme to support those who helped or worked with UK forces in Afghanistan that were fighting the Taliban between 2001 and 2021.

The collapse of the western-backed Afghan government that year saw the Taliban return to power. The new government regards anyone who worked with British or other foreign forces during the previous two decades as a traitor.

A source said a small number of people named on the list are known to have subsequently been killed, though it is not clear if this was a direct result of the data breach.

It is also not clear whether the Taliban has the list – only that the MoD lost control of the information.

Adnan Malik, head of data protection at Barings Law, said: “This is an incredibly serious data breach, which the Ministry of Defence has repeatedly tried to hide from the British public.

“It involved the loss of personal and identifying information about Afghan nationals who have helped British forces to defeat terrorism and support security and stability in the region.

“A total of around 20,000 individuals have been affected, putting them and their loved ones at serious risk of violence from opponents and armed groups.”

The law firm is working with around 1,000 of those impacted “to pursue potential legal action”.

Read more:
British couple held in Afghanistan
ICC prosecutor calls for arrest of Taliban duo

It is thought that only a minority of the names on the list – about 10 to 15% – would have been eligible for help under the Afghan Relocation and Assistance Policy (ARAP).

The breach occurred in February 2022, when Boris Johnson was prime minister, but was only discovered by the British military in August 2023.

A superinjunction – preventing the reporting of the mistake – was imposed in September of that year.

It meant the extraordinary – and costly – plan to transport thousands of Afghans to the UK took place in secret until now.

Sir Keir Starmer’s government inherited the scandal.

Why was superinjunction lifted?

An internal review into the affair was launched at the start of this year by Paul Rimmer, a retired civil servant.

It played down the risk to those whose data is included in the breached dataset should it fall into the hands of the Taliban.

The review said it was “unlikely to substantially change an individual’s existing exposure given the volume of data already available”.

It also concluded that “it appears unlikely that merely being on the dataset would be grounds for targeting” and it is “therefore also unlikely that family members… will be targeted simply because the ‘principal’ appears… in the dataset”.

This is why a High Court judge ruled that the superinjunction could be lifted.

Mr Malik, however, said that he believes there is still a risk to those named in the breach.

He added: “Our claimants continue to live with the fear of reprisal against them and their families, when they should have been met with gratitude and discretion for their service.

“We would expect substantial financial payments for each claimant in any future legal action. While this will not fully undo the harm they have been exposed to, it will enable them to move forward and rebuild their lives.”

Latest MoD data breach

While the MoD’s data breach is by far the largest involving Afghan nationals, it is not the first.

Earlier this month, the MoD said Afghans impacted by a separate mistake could claim up to £4,000 in compensation four years after the incident happened.

Human error resulted in the personal information of 265 Afghans who had worked alongside British troops being shared with hundreds of others who were on the same email distribution list in September 2021.

In December 2023, the UK Information Commissioner fined the MoD £350,000 and said the “egregious” breach could have been life-threatening.

An Afghan man who worked for the British military has told Sky News he feels betrayed and “completely lost (his) mind” after his identity formed part of a massive data breach.

He told The World with Yalda Hakim about the moment he discovered he was among thousands of Afghans whose personal details were revealed, putting him at risk of reprisals from the Taliban.

The man, who spoke anonymously to Sky News from Afghanistan, says that for more than 10 years he worked for British forces

But now he says he regrets working alongside troops, who were first deployed to Afghanistan in 2001.

“I have done everything for the British forces… I regret that – why (did) I put my family in danger because of that? Is this is justice?

“We work for them, for [the] British, we help them. So now we are left behind, right now. And from today, I don’t know about my future.”

He described receiving an email warning him that his details had been revealed.

He said: “When I saw this one story… I completely lost my mind. I just thought… about my future… my family’s.

“I’ve got two kids. All my family are… in danger. Right now… I’m just completely lost.”

👉 Listen to Sky News Daily on your podcast app 👈

The mistake by the Ministry of Defence in early 2022 ranks among the worst security breaches in modern British history because of the cost and risk posed to the lives of thousands of Afghans.

On Tuesday, a court order – preventing the media reporting details of a secret relocation programme – was lifted.

Read more from Sky News:
Minister defends handling of breach
The struggle for equality in Afghanistan
Afghan women throw babies to troops

Defence Secretary John Healey said about 6,900 Afghans and their family members have been relocated or were on their way to the UK under the previously secret scheme.

He said no one else from Afghanistan would be offered asylum, after a government review found little evidence of intent from the Taliban to seek retribution.

But the anonymous Afghan man who spoke to Sky News disputed this. He claimed the Taliban, who returned to power in 2021, were actively seeking people who worked with British forces.

“My family is finished,” he said. “I request… kindly request from the British government… the King… please evacuate us.

“Maybe tomorrow we will not be anymore. Please, please help us.”

The retreat from Afghanistan during the Taliban takeover in 2021 began as a farce, then it was a scandal and now it’s a shoddy cover-up.

The farce was when the then foreign secretary Dominic Raab remained on his holiday sunbed in Crete rather than return to work during the height of the evacuation crisis.

Politics latest: Minister sorry after ‘extraordinary secrecy’ concealed data leak

It was a scandal because around 200 people were killed in the chaos, with distressing pictures of terrified Afghans clinging to the wings of moving aeroplanes at Kabul airport.

And now we learn that in a massive cover-up, the Tory government of Rishi Sunak took out a superinjunction to gag the media from reporting a data breach that put 20,000 Afghans in danger.

Over the years, superinjunctions granted by UK courts have been condemned for enabling celebrities and sports stars to cover-up extra-marital affairs, drug-taking and other secrets.

The superinjunction granted to the government in 2023 to conceal a secret scheme to relocate Afghan nationals was obviously entirely different and no doubt sought for honourable motives.

But it was a cover-up nonetheless and not so honourable because it hid a data blunder exposing names and contact details of 18,000 people who had applied for asylum in the UK under a resettlement scheme.

The scheme had been set up by the government in 2021 to provide asylum for people who had worked with the UK armed forces and could be at risk of Taliban reprisals for working with western forces.

In the Commons, the current defence secretary, John Healey, said it was “deeply uncomfortable” to be prevented from reporting the data breach blunder to MPs until now.

Read More:
‘My family is finished’: Afghan man in UK military data breach says he feels betrayed
Almost 7,000 Afghans being relocated to UK in secret scheme after MoD data breach

The ministers involved in seeking the gagging order were the former defence secretary Ben Wallace and the then armed forces minister James Heappey, he said.

But while most MPs welcomed Mr Healey’s apology, it’s probably fair to say that if it hadn’t been for tenacious campaigning by media organisations the superinjunction might not have been lifted by the High Court.

One Tory MP, Mark Pritchard, accused the defence secretary of “wriggling” and said: “The fact is that he is justifying this superinjunction and not telling parliament, the press, the public and, unbelievably, the Afghans who were potentially in harm’s way.”

And, among a number of individual cases highlighted by MPs, Liberal Democrat Calum Miller told MPs that “in the chaos of withdrawal” a constituent who left Afghanistan was promised by British officials that his pregnant wife could follow him.

“Two years later, we have still not kept that promise,” said Mr Miller. “My constituent’s wife and child continue to move around in Afghanistan to evade the Taliban and my constituent is so desperate that he is talking about returning to Afghanistan – despite the risk to him – to be reunited with them.”

👉 Listen to Sky News Daily on your podcast app 👈

Reform UK’s Zia Yusuf hit out at the Tory government’s asylum policy, writing on X: “24k Afghans secretly granted asylum, costing British taxpayers up to £7bn.

“The government covered it up. Who was in government? Home secretary: Suella Braverman. Immigration minister: Robert Jenrick.”

Later, Mr Healey was asked on LBC’s News Agents podcast if the official responsible for the data breach is still employed by the government. “They are no longer doing the same job on the Afghan brief,” he replied.

Hmm. That suggests the person hasn’t been fired, which will alarm those MPs who remain extremely concerned about this whole fiasco.

Follow the World

Listen to The World with Richard Engel and Yalda Hakim every Wednesday

Tap to follow

Asked whether he would have taken out the superinjunction if he had been defence secretary in 2023, he replied: “Very, very unlikely.”

But when he was asked if he could rule out the use of superinjunctions by the Ministry of Defence in the future, Mr Healey said: “Well, you can never say never.”

So while Mr Healey will obviously be determined to avoid a farce in future, it appears that the threat of another Ministry of Defence cover-up in future hasn’t gone away.