Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
UK Ministry of Defence

UK Ministry of Defence Vendor Cyber Rating & Cyber Score

www.gov.uk

We defend the United Kingdom and its allies, at home and abroad.


UMD A.I CyberSecurity Scoring

UMD
Company Information
Website:https://www.gov.uk/mod
Employees number:30,825
Number of followers:765,422
NAICS:336414
Industry Type:Defense and Space Manufacturing
Homepage:www.gov.uk
UMD Risk Score (AI oriented)
Between 0 and 549
logo
UMDDefense and Space Manufacturing
Updated:
13/07/2026
325/1000
Critical
C
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
UMD Global Score (TPRM)
xxxx
logo
UMDDefense and Space Manufacturing
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

UMD
UMDCritical
Current Score
325C (CRITICAL)
01000
14 incidents
-37 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
333Before Incident
Cyber Attack
05 Jul 2026UMD
Foreign Office and UK Government: Russian hackers infiltrate UK government emails in cyberattack targeting Foreign Office officials

APT28 Exploits DNS Hijacking to Breach UK Government Email Accounts

317After Incident
CRITICAL-16
FORGOV1783297461
APT28 Exploits DNS Hijacking to Breach UK Government Email Accounts Russia’s state-backed hacking group APT28 (Fancy Bear), linked to the GRU’s Military Unit 26165, has compromised email accounts belonging to UK government and Foreign Office officials using DNS hijacking, marking a significant escalation in cyber espionage targeting Western democracies. The attack, first flagged by the UK’s National Cyber Security Centre (NCSC) on April 7, 2026, exploited vulnerable internet routers to reroute traffic through malicious servers, silently harvesting login credentials, access tokens, and authentication details for email and web services. Unlike traditional phishing, this method intercepts legitimate traffic without requiring user interaction, making detection harder. APT28’s campaign followed a two-phase approach: an initial opportunistic scan compromising over 18,000 networks, followed by a precision strike on high-value targets, including senior policymakers and diplomats. The NCSC attributed the attacks with high confidence to the GRU, noting the group’s long-standing focus on intelligence gathering rather than financial theft. This tactic represents a tactical evolution from earlier spear-phishing campaigns (documented since 2018), shifting from social engineering to infrastructure-level compromise. While the NCSC emphasized that the primary goal remains espionage, the same vulnerabilities exploited in this attack unpatched edge devices and weak access controls pose risks across sectors, including crypto infrastructure. The NCSC’s recommended mitigations firmware updates, strict access controls, and multi-factor authentication highlight persistent gaps between security best practices and real-world implementation.
INCIDENT DETAILS -
TYPE
Cyber Espionage
MOTIVATION
Intelligence gathering
IMPACT
Login credentialsAccess tokensAuthentication detailsEmail accountsWeb services
DATA BREACH
Login credentialsAccess tokensAuthentication detailsSensitivity Of Data: High
JUNE 2026
331Before Incident
MAY 2026
317Before Incident
APRIL 2026
310Before Incident
MARCH 2026
294Before Incident
FEBRUARY 2026
285Before Incident
JANUARY 2026
281Before Incident
DECEMBER 2025
260Before Incident
NOVEMBER 2025
298Before Incident
Breach
04 Nov 2025UMD
Ministry of Defence (MoD), UK

Ministry of Defence (MoD) Data Exposure on Public Train

247After Incident
HIGH-51
UK-5234752110425
A Ministry of Defence (MoD) official accidentally exposed confidential government data by leaving their laptop unattended on a train. The breach involved sensitive information related to Afghan refugees fleeing the Taliban, alongside multiple other incidents within the same unit, including emails sent to incorrect recipients, insecure system access, and unauthorized employee data access. The case was criticized in Parliament as an institutional failure, highlighting systemic vulnerabilities in handling classified information. The incident underscores broader risks tied to remote work, such as unsecured environments (e.g., public Wi-Fi, public spaces) and inadequate monitoring of compliance. Experts emphasized the need for stricter policies, employee training, and secure handling protocols to prevent recurring breaches, particularly in high-stakes sectors like defense. The breach further erodes public trust in government data practices and raises concerns about operational security in hybrid work models.
INCIDENT DETAILS -
TYPE
Data LeakUnauthorized DisclosureHuman Error
MOTIVATION
None (Unintentional)
IMPACT
Confidential Government InformationAfghan Refugee Application DataEmployee RecordsOperational Impact: Potential disruption to Afghan refugee processing; erosion of trust in MoD data handlingBrand Reputation Impact: Significant (criticized in House of Commons; institutional failure acknowledged)Identity Theft Risk: Possible (if exposed data included PII)
DATA BREACH
Government Confidential InformationRefugee Application DataEmployee RecordsSensitivity Of Data: High (government/military; refugee personal data)Data Exfiltration: No (exposure via physical access)Personally Identifiable Information: Likely (refugee applications may include PII)
OCTOBER 2025
318Before Incident
Cyber Attack
19 Oct 2025UMD
Ministry of Defence (MoD), UK

Major Breach: Russian Hackers Steal Hundreds of Ministry of Defence Files and Leak Them to Dark Web

293After Incident
CRITICAL-25
UK-5562155102025
Russian hackers (Lynx group) breached the UK’s Ministry of Defence (MoD) by exploiting a third-party contractor (Dodd Group), gaining access to hundreds of classified military documents—including files marked ‘Controlled’ or ‘Official Sensitive’—from eight RAF and Royal Navy bases. The leaked data (4TB total) includes names, emails, and mobile numbers of MoD personnel and contractors, car registrations, visitor logs for high-security sites (e.g., RAF Lakenheath, home to US F-35 stealth jets and nuclear bombs), and internal security instructions, aiding future phishing attacks. Two of four planned data dumps have been released on the dark web, with hackers threatening further leaks. The breach, described as ‘catastrophic’ by experts, compromises national security, embarrasses key allies (e.g., the US), and exposes critical vulnerabilities in the MoD’s supply chain and IT infrastructure. The attack leveraged a ‘gateway’ via a maintenance contractor, bypassing the MoD’s primary cyber defenses.
INCIDENT DETAILS -
TYPE
data breachcyber espionagesupply chain attack
MOTIVATION
financial gain (ransom threats)espionagegeopolitical disruptionreputation damage
IMPACT
military documents (RAF/Royal Navy bases)MoD personnel names/emailscontractor names/car registrations/mobile numbersinternal email guidance/security instructionsvisitor logs (RAF Portreath, RNAS Culdrose)construction details (Kier’s work at RAF Lakenheath)4TB of data (including secured repositories)Dodd Group (third-party contractor)MoD email systemssecured document repositoriesRAF Lakenheath (F-35 stealth jets/nuclear bomb data)RAF Portreath (radar base)RAF Predannack (National Drone Hub)RNAS Culdrose (Royal Navy air station)compromised security protocols (phishing aid)embarrassment to UK/US alliespotential disruption to military operationsloss of trust in MoD supply chainsevere damage to MoD credibilityeroded trust in UK national securityinternational embarrassment (especially with US allies)potential GDPR violations (personal data)contractual breaches with third partieshigh (personnel/contractor PII exposed)
DATA BREACH
military operational documentspersonnel PII (names, emails, mobile numbers)contractor data (car registrations, contact details)visitor logsconstruction project detailsinternal security guidanceNumber Of Records Exposed: hundreds of files (4TB total)ControlledOfficial Sensitivepotentially Secret (e.g., F-35/nuclear bomb references)dark web leaks (2/4 dumps released)planned staged releasesPDFsemailsspreadsheetsvisitor formsconstruction documentsnamesemail addressesmobile numberscar registrations
SEPTEMBER 2025
313Before Incident
AUGUST 2025
354Before Incident
Breach
15 Aug 2025UMD
Ministry of Defence (MoD), UK

Ministry of Defence (MoD) Data Breach Exposing Afghan Interpreters' Details

298After Incident
CRITICAL-56
UK-841081625
A catastrophic data breach at the UK Ministry of Defence (MoD) exposed the personal details of thousands of Afghan interpreters and former special forces members who had worked alongside British troops. The leaked information—including identities, locations, and eligibility for UK relocation—was accessed by hostile actors, leading to direct threats from the Taliban. As a result, at least two families (including a former patrol interpreter and a special forces commando) had their UK relocation offers revoked despite prior approval. Pakistani police detained them, moving them to deportation camps with imminent risk of forced return to Afghanistan, where execution by the Taliban is highly probable. The breach has left vulnerable individuals—many of whom had waited years in limbo—without visas, financial support, or safe shelter. Children and wives of affected personnel now face severe psychological trauma (e.g., PTSD) and potential violence. Legal challenges have been filed, but the UK government cites failed security checks (conducted only after the breach) as justification for reversals. The incident underscores systemic failures in protecting at-risk allies, with critics condemning the move as ‘morally bankrupt’, given the life-or-death stakes for those abandoned. The reputational damage to the MoD and UK government is severe, compounded by accusations of betrayal toward those who served British forces.
INCIDENT DETAILS -
TYPE
Data BreachPrivacy ViolationHumanitarian Crisis
IMPACT
Personal details of Afghan interpreters and special forces membersRelocation application statusesFamily member informationRevocations of relocation offersLegal challenges and High Court applicationsDeportation threats to affected familiesCriticism of UK government's handling of Afghan alliesAccusations of moral bankruptcyPublic outcry over humanitarian failuresUrgent High Court applications to challenge visa refusalsPotential legal actions for endangering livesSpecial Immigration Appeals Commission reviewsHigh risk for exposed Afghans due to Taliban threats
DATA BREACH
Personal identifiable information (PII) of Afghan interpreters and special forcesRelocation eligibility statusesFamily detailsNumber Of Records Exposed: Thousands (exact number unspecified)Sensitivity Of Data: High (life-threatening risks due to Taliban retaliation)Data Exfiltration: Yes (details leaked and accessed by unauthorized parties)NamesRelocation application detailsFamily member informationPotentially addresses or contact details
JULY 2024
279Before Incident
Breach
01 Jul 2024UMD
Ministry of Defence (MoD), UK

Ministry of Defence (MoD) Data Breach Exposing Afghan Relocation Details

223After Incident
CRITICAL-56
UK-42101642110425
The UK Ministry of Defence (MoD) suffered a mass data breach exposing highly sensitive personal details of thousands of Afghans who had supported British forces, including interpreters, staff, and their families. The breach led to a top-secret airlift operation to relocate at-risk individuals to Britain, costing £7 billion, while the MoD imposed a draconian super-injunction to suppress details for nearly two years. The exposed data placed Afghan allies in grave danger of retaliation from the Taliban, with the MoD failing to allocate funds for compensation or resettlement. Despite the court order being lifted in July 2024, the MoD continues to evade transparency, ignoring journalist inquiries and parliamentary scrutiny. The incident revealed systemic failures in data protection, financial accountability, and ethical governance, with MPs condemning the cover-up as a betrayal of those who served alongside UK forces. The breach’s fallout extends beyond financial mismanagement to life-threatening consequences for vulnerable individuals, eroding public trust in institutional accountability.
INCIDENT DETAILS -
TYPE
Data BreachUnauthorized DisclosureCover-Up
MOTIVATION
Espionage (potential)Accidental ExposureGovernment Oversight Failure
IMPACT
Personal Identifiable Information (PII) of AfghansRelocation/Resettlement DetailsSensitive Operational DataCompromised safety of Afghan alliesDelayed resettlement effortsErosion of trust in UK governmentLegal and diplomatic repercussionsSevere damage to MoD's credibilityPublic and parliamentary distrustCriticism from auditors and watchdogsPotential compensation claims from affected AfghansViolation of data protection lawsSuper-injunction controversiesHigh (for exposed Afghans)Risk of retaliation by Taliban or hostile actors
DATA BREACH
Personal Identifiable Information (PII)Relocation/Resettlement RecordsMilitary Operational DataNumber Of Records Exposed: ThousandsSensitivity Of Data: High (life-threatening risk to exposed individuals)NamesRoles (e.g., interpreters)Family detailsResettlement status
JUNE 2024
336Before Incident
Breach
16 Jun 2024UMD
Ministry of Defence (MoD), UK

Ministry of Defence (MoD) Afghan Data Breach

275After Incident
CRITICAL-61
UK-1692216102125
A catastrophic data breach at the UK’s Ministry of Defence (MoD) exposed the personal details of 33,000 Afghans—individuals at risk from the Taliban due to their ties to British forces. The leak occurred when a highly classified Excel spreadsheet containing sensitive data was emailed to an unauthorized external recipient. The breach triggered a covert evacuation program but was concealed from the public and MPs for nearly two years under a superinjunction, only revealed after a prolonged legal battle by media outlets, including The Independent. The UK’s data regulator, the Information Commissioner’s Office (ICO), opted not to launch a formal investigation, citing reliance on the MoD’s 'honesty' and claiming resource constraints. No contemporaneous notes were taken due to the classified nature of the information, raising concerns over institutional failures. MPs criticized the ICO’s handling, describing it as ‘a few unrecorded meetings and a handshake’, while the MoD’s data practices were condemned as ‘top-secret information bandied about like confetti’. The breach risked life-threatening consequences for exposed Afghans, with no accountability or systemic reforms enforced until public scrutiny forced limited action in 2024.
INCIDENT DETAILS -
TYPE
Data BreachUnauthorized DisclosurePrivacy Violation
IMPACT
Personally Identifiable Information (PII) of AfghansSensitive Military-Associated DataSecret Evacuation Program TriggeredPublic Trust ErosionRegulatory ScrutinySevere Damage to MoD and UK Government CredibilityCriticism of ICO's HandlingPotential Violations of Data Protection LawsCourt Battle Over SuperinjunctionHigh (for Affected Afghans)
DATA BREACH
PII (Names, Locations, Associations with UK Forces)Sensitive Military-Related DataNumber Of Records Exposed: 33,000+Top SecretLife-Endangering for Affected IndividualsYes (via Unauthorized Email)No (Spreadsheet Sent in Cleartext)Excel SpreadsheetNamesContact DetailsAssociations with UK Forces
APRIL 2024
364Before Incident
Breach
01 Apr 2024UMD
UK Ministry of Defence (MoD)

Afghan Data Breach and Relocation Assistance Dispute

313After Incident
CRITICAL-51
UK-4933149101325
The Afghan data breach involved the unauthorized exposure of sensitive personal data belonging to Afghan nationals, including QP1 and another claimant (QP2), who had worked with or were associated with UK forces during the Afghanistan conflict. The breach led to the leak of identities, roles, religious affiliations (e.g., Shia/Hazara), and perceived associations (e.g., falsely labeled as a 'spy'), placing individuals at severe risk of Taliban retaliation, persecution, or targeted violence. The UK government’s Defence Secretary refused relocation assistance in April 2024, arguing the claimants did not meet the 'highest risk' threshold, despite their vulnerable status.The judicial review challenge (dismissed in June 2025) highlighted systemic failures in risk assessment, where misclassification of high-profile status and underestimation of ethnic/religious threats (e.g., Hazara Shia minority) were central. The breach’s fallout included legal battles over accountability, with closed proceedings (e.g., 'Afghan superinjunction') obscuring full transparency. The incident underscores gaps in post-conflict data protection, where leaked information directly endangers lives, particularly in regions under hostile regime control. The case reflects broader governmental negligence in safeguarding at-risk collaborators, with long-term reputational and humanitarian consequences.
INCIDENT DETAILS -
TYPE
Data BreachPrivacy ViolationNational Security Incident
MOTIVATION
EspionageTargeted HarassmentPolitical
IMPACT
Personally Identifiable Information (PII)Religious/Ethnic Identity (Shia/Hazara)Perceived Affiliation (e.g., 'spy' misclassification)High (due to government involvement and national security implications)Judicial review challenges (dismissed in 2025)Potential future litigation from affected individualsHigh (due to exposed PII and sensitive attributes)
DATA BREACH
PIIReligious/Ethnic DataPerceived Intelligence AffiliationsSensitivity Of Data: High (life-threatening risk to individuals if exposed in Afghanistan)Data Exfiltration: Likely (implied by risk assessments)NamesReligious/Ethnic Background (Shia/Hazara)Potential Role Classifications (e.g., 'spy')
AUGUST 2023
352Before Incident
Breach
01 Aug 2023UMD
Ministry of Defence (MoD)

Data Breach of Afghan Personal Details by UK Ministry of Defence

292After Incident
CRITICAL-60
UK-707072025
The Ministry of Defence (MoD) experienced a significant data breach where the names and details of more than 19,000 people were leaked. This breach occurred when an unnamed official emailed a spreadsheet outside the government team processing Afghan relocation applications, leading to the data entering the public domain. The leak was discovered in August 2023 when names of individuals who applied to move to the UK appeared on Facebook. Many Afghans now fear retribution from the Taliban, and the MoD has stated it will not provide compensation or proactively give payouts to those affected. The breach has led to significant distress and worries for the affected families, who are seeking relocation to safer countries.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Unknown
IMPACT
Data Compromised: Personal details of 19,000+ peopleBrand Reputation Impact: SignificantLegal Liabilities: Potential lawsuitsIdentity Theft Risk: High
DATA BREACH
Type Of Data Compromised: Personal detailsNumber Of Records Exposed: 19,000+Sensitivity Of Data: HighData Exfiltration: YesPersonally Identifiable Information: Yes
JULY 2023
403Before Incident
Breach
01 Jul 2023UMD
Ministry of Defence (MoD), UK Government

UK Ministry of Defence (MoD) Afghan Resettlement Scheme Data Breach

343After Incident
CRITICAL-60
UK-22100222110425
In a catastrophic data breach, the UK Ministry of Defence (MoD) inadvertently leaked the personal details of 18,700 applicants to the Afghan resettlement schemes, exposing highly sensitive information that placed thousands of vulnerable individuals—including Afghan interpreters, allies, and their families—at severe risk of retaliation, persecution, or harm. The breach was concealed under an unprecedented 18-month superinjunction, blocking public and parliamentary scrutiny while the government failed to address the fallout effectively. Despite the legal gag being lifted in July 2023, 4,200 eligible applicants and their families remain stranded, awaiting relocation under the scheme. The incident revealed systemic failures in data protection, transparency, and accountability, with MPs and journalists highlighting a culture of secrecy within the MoD. The breach not only endangered lives but also undermined trust in the UK’s resettlement programs and its commitment to protecting at-risk Afghans who had assisted British forces.
INCIDENT DETAILS -
TYPE
Data BreachPrivacy ViolationGovernmental Misconduct
IMPACT
Personal Details of 18,700 Applicants (e.g., names, contact information, resettlement eligibility status)Legal battles spanning 18 monthsParliamentary and public distrust in MoD transparencyOngoing delays in resettlement processingReports from affected Afghans and advocacy groups regarding safety risks and relocation delaysSevere damage to MoD's reputation due to secrecy and mishandlingErosion of public trust in governmental data protection practicesSuperinjunction imposed for ~2 years (later lifted)Defence Select Committee inquiryIntelligence and Security Committee investigationPotential legal actions from affected individualsHigh (exposed personal data of vulnerable applicants)
DATA BREACH
Personally Identifiable Information (PII)Resettlement Application DetailsNumber Of Records Exposed: 18,700High (included identities of at-risk Afghans)Unintentional (via human error/misconfiguration)NamesContact InformationResettlement Eligibility Status
JUNE 2022
439Before Incident
Breach
16 Jun 2022UMD
Ministry of Defence (MOD), UK

MOD Afghan Citizens Data Breach (2022)

297After Incident
CRITICAL-142
UK-2893428111425
In 2022, the UK’s Ministry of Defence (MOD) suffered a severe data breach involving the accidental leak of personal details of ~19,000 Afghan citizens seeking refuge in the UK post-Taliban takeover. The breach occurred due to insecure handling of Excel spreadsheets on a SharePoint site, exposing sensitive information that led to 49 confirmed deaths (linked to Taliban reprisals) and placed thousands more at risk. The incident, concealed under a superinjunction until 2024, has incurred an estimated £850 million in costs (excluding legal/compensation claims, which could push totals into billions). The Public Accounts Committee (PAC) criticized the MOD for systemic failures, including outdated IT infrastructure, lack of cybersecurity specialists, and repeated breaches (e.g., a 2023 leak of military personnel data). The breach’s fallout includes operational disruptions, reputational damage, and potential long-term geopolitical consequences, as compromised Afghans included interpreters and allies critical to UK missions. The PAC demanded urgent reforms, including modernized systems and enhanced recruitment of digital security experts to prevent future incidents.
INCIDENT DETAILS -
TYPE
Data BreachUnauthorized DisclosureInsider Threat (Accidental)
MOTIVATION
Accidental (No malicious intent; attributed to procedural failures)
IMPACT
Financial Loss: £850 million (estimated; excludes legal/compensation costs; potential to reach billions)Personally Identifiable Information (PII) of Afghan refugeesContact detailsApplication statusesSharePoint platformExcel spreadsheetsCompromised resettlement operationsLoss of trust in MOD data handlingIncreased scrutiny from regulatory bodiesReports of Taliban reprisals against exposed individualsPublic outcry and media criticismSevere damage to MOD's credibilityErosion of public trust in government data securityCriticism from Parliamentary committeesPotential compensation claims from affected AfghansOngoing legal investigationsHigh (exposed PII could be exploited by malicious actors)
DATA BREACH
PII (names, contact details, application data)Sensitive refugee status informationNumber Of Records Exposed: ~19,000Sensitivity Of Data: High (life-threatening risk to exposed individuals)Data Exfiltration: No (accidental exposure via shared Excel/SharePoint)Data Encryption: No (data stored in unsecured spreadsheets)Excel (.xlsx)SharePoint documentsFull namesContact informationRefugee application details
FEBRUARY 2022
549Before Incident
Breach
01 Feb 2022UMD
UK Ministry of Defence (MoD)

UK Ministry of Defence (MoD) Data Breaches Related to Afghan Relocations and Assistance Policy (ARAP)

407After Incident
CRITICAL-142
UK-5033050102025
The UK Ministry of Defence (MoD) disclosed 49 data breaches tied to its Afghan Relocations and Assistance Policy (ARAP) and related schemes, exposing sensitive personal data of Afghan nationals who worked with the UK government. The most severe incident—a February 2022 spreadsheet error—compromised 18,700 individuals, with mitigation costs estimated at £850 million. Other breaches included blind carbon copy (BCC) email failures (fined £350,000 by the ICO), WhatsApp messages with insecure personal data, emails sent to wrong recipients (including non-relevant entities like a sports club), misclassified emails, and a laptop screen displaying sensitive data in public. Only 5 of 49 incidents were reported to the ICO, though the watchdog deemed the MoD’s reporting judgment satisfactory. The breaches risked endangering Afghan allies by exposing their identities to potential Taliban retaliation, while also damaging the MoD’s reputation and operational trust.
INCIDENT DETAILS -
TYPE
Data BreachUnauthorized DisclosureHuman ErrorImproper Data Handling
MOTIVATION
Unintentional (Human Error)
IMPACT
£850m (mitigation costs for spreadsheet error)£350,000 (ICO fines for BCC incidents)Personal Data of ~18,700 Afghans (spreadsheet error)Email Recipients' Identities (BCC errors)Sensitive Personal Data (WhatsApp, misdirected emails, laptop screen)Reputation Damage to MoDLoss of Trust Among Afghan NationalsRegulatory Scrutiny (ICO, PAC, Defence Select Committee)Severe (Public and Parliamentary Scrutiny)Erosion of Trust in Government Data HandlingICO Fines (£350,000)Potential Further Legal Actions (Defence Select Committee Inquiry)High (Exposed Afghans at Risk of Taliban Retaliation)
DATA BREACH
Personal Identifiable Information (PII) of Afghan NationalsEmail Addresses (BCC Errors)Official Sensitive Personal Data (Laptop Screen)~18,700 (spreadsheet error)Hundreds (BCC errors)Sensitivity Of Data: High (Life-Threatening Risk for Afghans)Data Exfiltration: No (Unintentional Disclosure)Spreadsheet (February 2022)Emails (BCC Errors)WhatsApp MessagesMicrosoft Forms DataNamesContact DetailsRelocation StatusEmployment History with UK Government
OCTOBER 2021
672Before Incident
Breach
01 Oct 2021UMD
Ministry of Defence (MoD), UK

Multiple Data Breaches in UK Ministry of Defence's Afghan Relocations and Assistance Policy (ARAP)

530After Incident
CRITICAL-142
UK-5762957102325
The UK Ministry of Defence (MoD) disclosed 49 data breaches tied to its Afghan Relocations and Assistance Policy (ARAP) and related schemes for Afghan nationals who aided UK forces. The most severe incident—a February 2022 spreadsheet error—exposed 18,700 Afghans’ personal data, including those seeking UK resettlement after the Taliban’s return. The breach, concealed under a super-injunction until July 2025, incurred £850M+ in mitigation costs and risked endangering lives by revealing identities to hostile actors. Other breaches included: - Blind carbon copy (BCC) failures (3 incidents, £350K ICO fine), exposing email recipients’ identities. - WhatsApp messages with insecure personal data. - Misdirected emails (e.g., sent to the Civil Service Sports Club or with incorrect classification levels). - Physical exposure: An MODNET laptop screen displaying sensitive data on public transport. - Microsoft Forms incident (October 2021), further compromising data. Only 5 of 49 incidents were reported to the ICO, though the watchdog accepted the MoD’s risk assessments. The breaches stemmed from operational negligence during high-stakes relocation efforts, heightening risks for vulnerable Afghan allies. The Defence Select Committee is investigating the 2022 breach under a broader inquiry.
INCIDENT DETAILS -
TYPE
Data BreachUnauthorized DisclosureImproper Data HandlingPrivacy Violation
IMPACT
Financial Loss: £850 million (estimated mitigation cost for spreadsheet error) + £350,000 (ICO fine for BCC incidents)Personal information of Afghan nationals (including ~18,700 in spreadsheet error)Sensitive relocation/assistance dataContact details (visible in BCC incidents)Operational Impact: Ongoing parliamentary inquiries (Public Accounts Committee, Defence Select Committee); reputational damage to MoD and UK governmentBrand Reputation Impact: High (public disclosure of failures in protecting vulnerable Afghan allies; scrutiny from MPs and media)£350,000 ICO fine for BCC incidentsPotential further fines/legal actions from ongoing inquiriesIdentity Theft Risk: High (exposed personal data of at-risk Afghan nationals)
DATA BREACH
Personal Identifiable Information (PII) of Afghan nationalsRelocation/assistance application detailsContact information (emails, phone numbers)Official sensitive data (displayed on laptop)Number Of Records Exposed: ~18,700 (spreadsheet error) + unknown in other incidentsSensitivity Of Data: High (personal data of at-risk individuals; potential life-threatening consequences if exposed to Taliban)Spreadsheets (e.g., February 2022 incident)Emails (BCC incidents)WhatsApp messagesMicrosoft Forms submissionsPersonally Identifiable Information: Yes (names, contact details, relocation status)
AUGUST 2021
718Before Incident
Breach
01 Aug 2021UMD
Ministry of Defence (MoD), UK

UK Ministry of Defence (MoD) Afghan Data Breach and ICO Enforcement Concerns

667After Incident
CRITICAL-51
UK-5521755112425
The Afghan data breach involved the unauthorized disclosure of sensitive personal information belonging to Afghan nationals who had collaborated with British forces prior to the Taliban’s takeover in August 2021. The leak exposed names and other identifying details, placing these individuals—and potentially their families—at severe risk of retaliation, persecution, or fatal harm under Taliban rule. Despite the gravity of the breach, the UK’s Information Commissioner’s Office (ICO) opted not to launch a formal investigation into the MoD, nor did it impose any enforceable penalties. Critics argue this reflects a broader systemic failure in enforcement, where the ICO’s ‘public sector approach’—relying on non-binding reprimands rather than legal action—undermines deterrence and accountability. The breach is deemed one of the most serious in UK history, with life-threatening consequences for affected individuals, yet regulatory inaction has left victims without recourse. The incident has also eroded trust in the ICO’s ability to uphold data protection laws, particularly in high-stakes government failures.
INCIDENT DETAILS -
TYPE
Data BreachPrivacy ViolationGovernment Failure
MOTIVATION
NegligenceSystemic Enforcement Failure
IMPACT
Personal Identifiable Information (PII) of Afghan nationalsNames of individuals who collaborated with British forcesRisk to lives of exposed individualsErosion of trust in UK government data handlingPublic outcryCalls for inquiry by civil liberties groupsSevere damage to UK MoD and ICO credibilityPerceived failure in data protection enforcementPotential legal actions by affected individualsScrutiny by parliamentary committeesHigh (life-threatening due to Taliban exposure)
DATA BREACH
Personally Identifiable Information (PII)Names of Afghan collaboratorsSensitivity Of Data: Extremely High (life-threatening if exposed)Data Exfiltration: Yes (leaked to unauthorized parties)Personally Identifiable Information: Yes
JUNE 2021
790Before Incident
Breach
16 Jun 2021UMD
Ministry of Defence (MoD), UK

Dozens of UK Afghan Data Breaches Uncovered at Ministry of Defence (MoD)

716After Incident
CRITICAL-74
UK-0893808100325
The UK Ministry of Defence (MoD) experienced 49 separate data breaches over four years within its Afghan Relocations and Assistance Policy (ARAP) unit, which handles relocation applications for Afghans at risk due to their work with British forces. The most severe incident involved a spreadsheet leak in 2022, where a soldier unknowingly shared hidden data containing personal details of nearly 19,000 Afghans, including names, contact information, and family associations. This breach, suppressed by a gagging order until 2024, risked exposing vulnerable individuals to Taliban reprisals. Other breaches included email misconfigurations (e.g., 265 Afghans’ email addresses exposed in 2021) and repeated failures in data handling protocols despite remedial measures like the 'two pairs of eyes' review rule. The breaches prompted fines (e.g., £350,000 for the 2021 email incident), legal scrutiny, and criticism over lax security culture, with lawyers and data protection experts questioning the MoD’s ability to safeguard highly sensitive information. The ICO acknowledged ongoing engagement but took no further action on the largest breach, citing resource constraints. Political blame shifted between Conservative and Labour administrations, with the latter claiming improved measures post-2024.
INCIDENT DETAILS -
TYPE
Data BreachUnauthorized DisclosurePrivacy Violation
MOTIVATION
Unintentional (Negligence/Lack of Compliance)
IMPACT
Financial Loss: £350,000 (Fine for 2021 Email Breaches)Email Addresses (265 in 2021)Personal Details (Names, Contact Information, Family/Associate Data for ~19,000 in 2022)Spreadsheet Metadata (Hidden Data)ARAP (Afghan Relocations and Assistance Policy) DatabaseMoD Email SystemsInternal Spreadsheet Storage/Sharing ToolsClosure of ARAP Scheme (July 2025)Legal Scrutiny and High Court InterventionsReputational Damage to MoD and UK GovernmentIncreased Workload for Remediation and ComplianceHundreds of Affected Afghans Represented by Barings LawPublic Outcry and Calls for TransparencyErosion of Trust in MoD Data HandlingCriticism from Lawyers, Data Protection Experts, and Opposition PartiesMedia Scrutiny (BBC, High Court Rulings)£350,000 Fine (2021 Breaches)Potential Further Fines or Legal Actions Pending ICO ReviewHigh Court Gagging Order (Lifted July 2025)Identity Theft Risk: High (Exposed PII Could Be Exploited by Threat Actors)
DATA BREACH
Personally Identifiable Information (PII)Email AddressesFamily/Associate DetailsApplication Status for Relocation265 (2021 Email Breaches)~19,000 (2022 Spreadsheet Leak)Undisclosed (45 Other Breaches)Sensitivity Of Data: Extremely High (Life-Threatening Risk to Afghans)Data Exfiltration: Yes (Unintentional, via Email/Spreadsheet Sharing)Spreadsheets (Excel)Emails (Outlook/Internal Systems)NamesContact Details (Email, Phone)Family Member InformationAssociate Networks

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for UMD ?
?
What was UMD's A.I Rankiteo Cyber Score in June 2026 ?
?
What was UMD's A.I Rankiteo Cyber Score in May 2026 ?
?
What was UMD's A.I Rankiteo Cyber Score in April 2026 ?
?
What was UMD's A.I Rankiteo Cyber Score in March 2026 ?
?
What was UMD's A.I Rankiteo Cyber Score in February 2026 ?
?
What was UMD's A.I Rankiteo Cyber Score in January 2026 ?
?
What was UMD's A.I Rankiteo Cyber Score in December 2025 ?
?
What was UMD's A.I Rankiteo Cyber Score in November 2025 ?
?
What was UMD's A.I Rankiteo Cyber Score in October 2025 ?
?
What was UMD's A.I Rankiteo Cyber Score in September 2025 ?
?
What was UMD's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on UMD's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with UMD ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view UMD's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?
UK Ministry of Defence Cyber Scoring History | Rankiteo