Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
Thousands of Afghan refugees, former Conservative government ministers and UK service personnel have been affected by a data breach following a cyber attack on a third-party airport contractor, UK officials have said.
The cyber attack, which comes a month after the revelation of a much larger and dangerous data breach affecting UK forces and Afghan refugees, will increase scrutiny of the Ministry of Defence and government even if they were not directly responsible for the data leak on this occasion.
The ransomware attack hit Inflite, a third-party service provider that helps the UK government with flights at Stansted, and involved the leaking of names, dates of birth, passport numbers and refugee and ID numbers connected to the UK’s Afghan resettlement programme.
Former Conservative government ministers and armed forces personnel who used the airport between January and March last year were also affected.
The MoD emailed more than 3,500 people affected including about 100 Britons, a ministry official said on Friday.
A government spokesperson said the incident “has not posed any threat to individuals’ safety, nor compromised any government systems”.
“We were recently notified that a third-party subcontractor to a supplier experienced a cyber security incident involving unauthorised access to a small number of its emails that contained basic personal information,” the spokesperson added.
“We take data security extremely seriously and are going above and beyond our legal duties in informing all potentially affected individuals.”
Inflite often handles flights for government officials from its Jet Centre base at Stansted. No prime ministerial or royal family data was contained in the leak.
The company announced the leak on August 10 and said it had reported it to the Information Commissioner’s Office and was “actively working with the relevant UK cyber authorities, including the National Crime Agency and the National Cyber Security Centre to support our investigation and response”.
The Times, which first reported the story, said the email told those affected by the leak to be “vigilant and alert to unexpected communication or unusual activity”.
The Afghans named in the Inflite leak are already in the UK, unlike a significant percentage of those affected by the recent superinjunction, which was lifted last month, UK officials said.
Family members still in Afghanistan could be at risk from the Taliban, the Islamist movement which returned to power in the South Asian country in 2021.
An independent study of those affected by the earlier leak, which led to additional Afghans being brought to the UK for their safety, found the risk of reprisals was lower than initially anticipated, leading to the lifting of the superinjunction and a public apology from government ministers last month.
The Liberal Democrats called for an immediate investigation into the Inflite leak, accusing the government of “staggering incompetence and clearly inadequate security standards with contractors”.
“We need an immediate, fully independent investigation into all of these breaches to identify exactly how this happened,” Liberal Democrat defence spokesperson Helen Maguire said.
