Thousands more Afghan nationals may have been affected by another data breach, the government has said.

Up to 3,700 Afghans brought to the UK between January and March 2024 have potentially been impacted as names, passport details and information from the Afghan Relocations and Assistance Policy has been compromised again, this time by a breach on a third party supplier used by the Ministry of Defence (MoD).

This was not an attack directly on the government but a cyber security incident on a sub-contractor named Inflite – The Jet Centre – an MoD supplier that provides ground handling services for flights at London Stansted Airport.

The flights were used to bring Afghans to the UK, travel to routine military exercises, and official engagements. It was also used to fly British troops and government officials.

Those involved were informed of it on Friday afternoon by the MoD, marking the second time information about Afghan nationals relocated to the UK has been compromised.

It is understood former Tory ministers are also affected by the hack.

Earlier this year, it emerged that almost 7,000 Afghan nationals would have to be relocated to the UK following a massive data breach by the British military that successive governments tried to keep secret with a super-injunction.

Defence Secretary John Healey offered a “sincere apology” for the first data breach in a statement to the House of Commons, saying he was “deeply concerned about the lack of transparency” around the data breach, adding: “No government wishes to withhold information from the British public, from parliamentarians or the press in this manner.”

The previous Conservative government set up a secret scheme in 2023 to relocate Afghan nationals impacted by the data breach, but who were not eligible for an existing programme to relocate and help people who had worked for the British government in Afghanistan.

The mistake exposed personal details of close to 20,000 individuals, endangering them and their families, with as many as 100,000 people impacted in total.

Read more on Sky News:
Data breach victims sent spam emails
Afghan data leak timeline
MoD urged to reveal details of nuclear incident

A government spokesperson said of Friday’s latest breach: “We were recently notified that a third party sub-contractor to a supplier experienced a cyber security incident involving unauthorised access to a small number of its emails that contained basic personal information.

“We take data security extremely seriously and are going above and beyond our legal duties in informing all potentially affected individuals. The incident has not posed any threat to individuals’ safety, nor compromised any government systems.”

In a statement, Inflite – The Jet Centre confirmed the “data security incident” involving “unauthorised access to a limited number of company emails”.

“We have reported the incident to the Information Commissioner’s Office and have been actively working with the relevant UK cyber authorities, including the National Crime Agency and the National Cyber Security Centre, to support our investigation and response,” it said.

“We believe the scope of the incident was limited to email accounts only, however, as a precautionary measure, we have contacted our key stakeholders whose data may have been affected during the period of January to March 2024.”