Explainer: How a UK data leak put thousands of Afghans at risk of Taliban reprisals

Thousands of Afghans have been secretly relocated to the UK after a major defence ministry data breach exposed their details to potential Taliban reprisals.

The breach remained hidden from the public for almost two years under an unprecedented super-injunction, but a High Court ruling has now lifted the secrecy.

What was leaked?

In February 2022, a British defence official mistakenly emailed a spreadsheet containing the names, contact details and family information of nearly 19,000 Afghans who had applied to the Afghan Relocations and Assistance Policy (ARAP).

The list included soldiers, interpreters and officials who worked with UK forces during the war in Afghanistan. The error went unnoticed for more than a year until part of the document appeared in a Facebook group in August 2023.

Judges warned that Taliban infiltrators could have accessed the data, placing tens of thousands at risk of "death or serious harm".

After discovering the massive leak, the government quietly created the Afghan Relocation Route in April 2024 to move those most at risk. So far, 4,500 Afghans have been resettled in the UK under the scheme, with another 2,400 more expected.

Defence Secretary John Healey apologised in Parliament, calling it a "serious departmental error" caused by sending the spreadsheet "outside authorised systems". He said: "I'm really deeply uncomfortable with the idea that a government applies for a super-injunction.

"If there are any [other] super-injunctions in place, I just have to tell you - I don't know about them. I haven't been read into them. The important thing here now is that we've closed the scheme."

But it remains unclear whether the official responsible faced disciplinary action.

How did the UK respond?

The then-Conservative government obtained a rare super-injunction in 2023. It prevented the press from reporting not only the breach but even the injunction itself. Mr Justice Chamberlain, who lifted the order this week, said it created a "scrutiny vacuum" that undermined democratic accountability.

Initially, it was feared that as many as 100,000 people could be endangered, including family members of those on the list. A MoD review later concluded the leak “may not have spread as widely as feared” and was unlikely to change Taliban targeting of those they considered their opponents.

Hundreds of affected Afghans were only informed of the breach this week and urged to take precautions, such as limiting their online activity. The leak was part of a wider failure surrounding the UK's chaotic evacuation of Afghanistan after the Taliban takeover in 2021.

More than 36,000 Afghans have been relocated to Britain through various resettlement schemes since the withdrawal.

Court documents showed former Defence Secretary Ben Wallace personally sought the injunction, arguing it was necessary to protect lives.

Lawyers for Afghan applicants described the breach as a "catastrophic failure", while both the government and opposition parties have admitted it was an unacceptable lapse.

During Prime Minister's Questions in the House of Commons on Wednesday, Starmer said: "Ministers who served under the [Conservative] party opposite have serious questions to answer about how this was ever allowed to happen.

"The chair of the defence committee has indicated that he intends to hold further inquiries. I welcome that and hope that those who are in office at the time will welcome that scrutiny."