MoD offered to speed up resettlement case of Afghan who posted data breach names on Facebook

The Ministry of Defence offered to expedite the review of a rejected resettlement application of an Afghan national after he posted sensitive details from a data breach on Facebook, the BBC understands.

The man published nine names from a dataset containing details of thousands of Afghans who applied to be relocated to the UK after the Taliban seized power, and indicated he could release the rest.

He obtained the details after they were sent out from UK Special Forces headquarters in an accidental data breach in February 2022.

British authorities tracked the man down and strongly requested he take the data down, offering an expedited review of his rejected resettlement application in return.

The BBC understands the man is now in the UK, having had his rejected application overturned. He is not believed to be facing any criminal charges in relation to his conduct.

Government sources close to the process told the BBC the individual had essentially blackmailed his way into the country using the leaked dataset.

When asked about the actions of the individual and his subsequent relocation to the UK, the MoD declined to comment on the case.

Johnny Mercer, the former veterans minister, who was covered by the super-injunction because of his knowledge of the events, told the BBC the breach was representative of the "chaos" around the relocation process, and the individual brought to the UK had used the data to get in.

"He put the names on Facebook and essentially bribed the MoD to get in the country. The Ministry of Defence offered to expedite his case and next thing you know he's in the UK," Mercer said.

"There were multiple data leaks from the MoD regarding these applications. I think that gives you some sense of the chaos and lack of care in how things were being run at that time."

The breach occurred in February 2022 after someone working in UK Special Forces (UKSF) headquarters accidentally emailed the personal data of every applicant to the UK's Afghan resettlement scheme to date – nearly 19,000 people – to someone outside government.

The data was sent to an Afghan person living in the UK, who passed the information onto others, including people in Afghanistan. One individual in Afghanistan, after having his application rejected, posted some of the data on Facebook.

Alerting a defence minister to the presence of the data on Facebook in August 2023, an MoD case worker helping people seeking relocation called the possibility the Taliban might get hold of it "bone-chilling".

The data came from the Afghan Relocations and Assistance Policy (Arap) resettlement scheme, set up in 2021 as the Taliban seized control of Afghanistan.

It was highly sensitive because Afghan nationals who worked with the British government during the conflict with the Taliban were at risk of serious harm and even execution with the group back in power.

The breach led to the previous government setting up a secret £850m emergency resettlement scheme to bring some of those in the database to the UK.

Both the breach and subsequent scheme were kept secret by an unprecedented super-injunction, until it was lifted by High Court judge Mr Justice Chamberlain on Tuesday.

The emergency scheme – known as the Afghanistan Response Route and set up in April 2024 – has resulted in about 4,500 Afghans being brought to the UK so far, with a further 2,400 expected.