Cyber-Attack Exposes Personal Data of Afghans Resettled in the UK

Published 15 August 2025

Highlights

• A cyber-attack on Inflite The Jet Centre, a Ministry of Defence contractor, exposed the personal data of up to 3,700 Afghans resettled in the UK.
  • The breach involved unauthorized access to emails containing sensitive information, including names and passport details.
  • The incident follows a 2022 data leak affecting nearly 19,000 Afghans under the Afghan Relocations and Assistance Policy.
  • The UK government asserts no threat to individuals' safety and is working with cybersecurity agencies to investigate.
  • The Information Commissioner's Office has been notified, and affected individuals have been warned of potential data exposure.

3. Rewritten Article

   Headline: Cyber-Attack Exposes Personal Data of Afghans Resettled in the UK

   A recent cyber-attack on a contractor linked to the UK Ministry of Defence has compromised the personal data of thousands of Afghans resettled in the country. Inflite The Jet Centre, responsible for ground services at London Stansted airport, reported that up to 3,700 individuals' data, including names and passport details, were exposed due to unauthorized access to company emails.

   Data Breach Details

   The breach, which occurred between January and March 2024, affected Afghans who arrived in the UK under the Afghan Relocations and Assistance Policy (ARAP). This policy assists those who worked with British forces in Afghanistan. The incident also potentially involved data from British military personnel and former government officials.

   Government Response

   The UK government has assured that the breach poses no threat to individuals' safety and has not compromised any government systems. A spokesperson emphasized their commitment to data security, stating, "We are going above and beyond our legal duties in informing all potentially affected individuals."

   Previous Incidents

   This breach is the latest in a series of data security incidents involving Afghan refugees. In 2022, a separate leak exposed the personal information of nearly 19,000 Afghans, leading to a high-profile legal case and a subsequent apology from the Labour defence secretary, John Healey.

   Investigations Underway

   Inflite The Jet Centre has reported the incident to the Information Commissioner's Office and is collaborating with the National Crime Agency and the National Cyber Security Centre. The company believes the breach was limited to email accounts but has taken precautionary measures by notifying stakeholders.

   Professor Sara de Jong from the Sulha Alliance, a charity supporting Afghans who worked with the British Army, called the breach "astonishing" and urged expedited processing for pending relocation cases.

4. Scenario Analysis

   Moving forward, the UK government faces increased pressure to enhance cybersecurity measures for sensitive data, especially concerning vulnerable populations like Afghan refugees. The ongoing investigation by national cybersecurity agencies may lead to stricter regulations and oversight of contractors handling personal information. Additionally, the government might expedite pending relocation cases to mitigate further distress among affected individuals. Experts suggest that these incidents highlight the need for comprehensive data protection strategies to prevent future breaches and maintain public trust.

A recent cyber-attack on a contractor linked to the UK Ministry of Defence has compromised the personal data of thousands of Afghans resettled in the country. Inflite The Jet Centre, responsible for ground services at London Stansted airport, reported that up to 3,700 individuals' data, including names and passport details, were exposed due to unauthorized access to company emails.

Data Breach Details

The breach, which occurred between January and March 2024, affected Afghans who arrived in the UK under the Afghan Relocations and Assistance Policy (ARAP). This policy assists those who worked with British forces in Afghanistan. The incident also potentially involved data from British military personnel and former government officials.

Government Response

The UK government has assured that the breach poses no threat to individuals' safety and has not compromised any government systems. A spokesperson emphasized their commitment to data security, stating, "We are going above and beyond our legal duties in informing all potentially affected individuals."

Previous Incidents

This breach is the latest in a series of data security incidents involving Afghan refugees. In 2022, a separate leak exposed the personal information of nearly 19,000 Afghans, leading to a high-profile legal case and a subsequent apology from the Labour defence secretary, John Healey.

Investigations Underway

Inflite The Jet Centre has reported the incident to the Information Commissioner's Office and is collaborating with the National Crime Agency and the National Cyber Security Centre. The company believes the breach was limited to email accounts but has taken precautionary measures by notifying stakeholders.

Professor Sara de Jong from the Sulha Alliance, a charity supporting Afghans who worked with the British Army, called the breach "astonishing" and urged expedited processing for pending relocation cases.

What this might mean

Moving forward, the UK government faces increased pressure to enhance cybersecurity measures for sensitive data, especially concerning vulnerable populations like Afghan refugees. The ongoing investigation by national cybersecurity agencies may lead to stricter regulations and oversight of contractors handling personal information. Additionally, the government might expedite pending relocation cases to mitigate further distress among affected individuals. Experts suggest that these incidents highlight the need for comprehensive data protection strategies to prevent future breaches and maintain public trust.