UMD A.I CyberSecurity Scoring
UMD
Company Information
Website:https://www.gov.uk/mod
Employees number:30,825
Number of followers:765,422
NAICS:336414
Industry Type:Defense and Space Manufacturing
Homepage:www.gov.uk
UMD Risk Score (AI oriented)
Between 0 and 549
UMDDefense and Space Manufacturing
Updated:
13/07/2026
13/07/2026
325/1000
Critical
C
UMD Global Score (TPRM)
xxxx
UMDDefense and Space Manufacturing
Score locked

UMDCritical
Current Score
325C (CRITICAL)
01000
14 incidents
-37 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
333
Cyber Attack
05 Jul 2026 • UMD
Foreign Office and UK Government: Russian hackers infiltrate UK government emails in cyberattack targeting Foreign Office officials
APT28 Exploits DNS Hijacking to Breach UK Government Email Accounts
317
CRITICAL-16
FORGOV1783297461
APT28 Exploits DNS Hijacking to Breach UK Government Email Accounts
Russia’s state-backed hacking group APT28 (Fancy Bear), linked to the GRU’s Military Unit 26165, has compromised email accounts belonging to UK government and Foreign Office officials using DNS hijacking, marking a significant escalation in cyber espionage targeting Western democracies.
The attack, first flagged by the UK’s National Cyber Security Centre (NCSC) on April 7, 2026, exploited vulnerable internet routers to reroute traffic through malicious servers, silently harvesting login credentials, access tokens, and authentication details for email and web services. Unlike traditional phishing, this method intercepts legitimate traffic without requiring user interaction, making detection harder.
APT28’s campaign followed a two-phase approach: an initial opportunistic scan compromising over 18,000 networks, followed by a precision strike on high-value targets, including senior policymakers and diplomats. The NCSC attributed the attacks with high confidence to the GRU, noting the group’s long-standing focus on intelligence gathering rather than financial theft.
This tactic represents a tactical evolution from earlier spear-phishing campaigns (documented since 2018), shifting from social engineering to infrastructure-level compromise. While the NCSC emphasized that the primary goal remains espionage, the same vulnerabilities exploited in this attack unpatched edge devices and weak access controls pose risks across sectors, including crypto infrastructure.
The NCSC’s recommended mitigations firmware updates, strict access controls, and multi-factor authentication highlight persistent gaps between security best practices and real-world implementation.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2026
331
MAY 2026
317
APRIL 2026
310
MARCH 2026
294
FEBRUARY 2026
285
JANUARY 2026
281
DECEMBER 2025
260
NOVEMBER 2025
298
Breach
04 Nov 2025 • UMD
Ministry of Defence (MoD), UK
Ministry of Defence (MoD) Data Exposure on Public Train
247
HIGH-51
UK-5234752110425
A Ministry of Defence (MoD) official accidentally exposed confidential government data by leaving their laptop unattended on a train. The breach involved sensitive information related to Afghan refugees fleeing the Taliban, alongside multiple other incidents within the same unit, including emails sent to incorrect recipients, insecure system access, and unauthorized employee data access. The case was criticized in Parliament as an institutional failure, highlighting systemic vulnerabilities in handling classified information. The incident underscores broader risks tied to remote work, such as unsecured environments (e.g., public Wi-Fi, public spaces) and inadequate monitoring of compliance. Experts emphasized the need for stricter policies, employee training, and secure handling protocols to prevent recurring breaches, particularly in high-stakes sectors like defense. The breach further erodes public trust in government data practices and raises concerns about operational security in hybrid work models.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
OCTOBER 2025
318
Cyber Attack
19 Oct 2025 • UMD
Ministry of Defence (MoD), UK
Major Breach: Russian Hackers Steal Hundreds of Ministry of Defence Files and Leak Them to Dark Web
293
CRITICAL-25
UK-5562155102025
Russian hackers (Lynx group) breached the UK’s Ministry of Defence (MoD) by exploiting a third-party contractor (Dodd Group), gaining access to hundreds of classified military documents—including files marked ‘Controlled’ or ‘Official Sensitive’—from eight RAF and Royal Navy bases. The leaked data (4TB total) includes names, emails, and mobile numbers of MoD personnel and contractors, car registrations, visitor logs for high-security sites (e.g., RAF Lakenheath, home to US F-35 stealth jets and nuclear bombs), and internal security instructions, aiding future phishing attacks. Two of four planned data dumps have been released on the dark web, with hackers threatening further leaks. The breach, described as ‘catastrophic’ by experts, compromises national security, embarrasses key allies (e.g., the US), and exposes critical vulnerabilities in the MoD’s supply chain and IT infrastructure. The attack leveraged a ‘gateway’ via a maintenance contractor, bypassing the MoD’s primary cyber defenses.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
SEPTEMBER 2025
313
AUGUST 2025
354
Breach
15 Aug 2025 • UMD
Ministry of Defence (MoD), UK
Ministry of Defence (MoD) Data Breach Exposing Afghan Interpreters' Details
298
CRITICAL-56
UK-841081625
A catastrophic data breach at the UK Ministry of Defence (MoD) exposed the personal details of thousands of Afghan interpreters and former special forces members who had worked alongside British troops. The leaked information—including identities, locations, and eligibility for UK relocation—was accessed by hostile actors, leading to direct threats from the Taliban. As a result, at least two families (including a former patrol interpreter and a special forces commando) had their UK relocation offers revoked despite prior approval. Pakistani police detained them, moving them to deportation camps with imminent risk of forced return to Afghanistan, where execution by the Taliban is highly probable. The breach has left vulnerable individuals—many of whom had waited years in limbo—without visas, financial support, or safe shelter. Children and wives of affected personnel now face severe psychological trauma (e.g., PTSD) and potential violence. Legal challenges have been filed, but the UK government cites failed security checks (conducted only after the breach) as justification for reversals. The incident underscores systemic failures in protecting at-risk allies, with critics condemning the move as ‘morally bankrupt’, given the life-or-death stakes for those abandoned. The reputational damage to the MoD and UK government is severe, compounded by accusations of betrayal toward those who served British forces.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JULY 2024
279
Breach
01 Jul 2024 • UMD
Ministry of Defence (MoD), UK
Ministry of Defence (MoD) Data Breach Exposing Afghan Relocation Details
223
CRITICAL-56
UK-42101642110425
The UK Ministry of Defence (MoD) suffered a mass data breach exposing highly sensitive personal details of thousands of Afghans who had supported British forces, including interpreters, staff, and their families. The breach led to a top-secret airlift operation to relocate at-risk individuals to Britain, costing £7 billion, while the MoD imposed a draconian super-injunction to suppress details for nearly two years. The exposed data placed Afghan allies in grave danger of retaliation from the Taliban, with the MoD failing to allocate funds for compensation or resettlement. Despite the court order being lifted in July 2024, the MoD continues to evade transparency, ignoring journalist inquiries and parliamentary scrutiny. The incident revealed systemic failures in data protection, financial accountability, and ethical governance, with MPs condemning the cover-up as a betrayal of those who served alongside UK forces. The breach’s fallout extends beyond financial mismanagement to life-threatening consequences for vulnerable individuals, eroding public trust in institutional accountability.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2024
336
Breach
16 Jun 2024 • UMD
Ministry of Defence (MoD), UK
Ministry of Defence (MoD) Afghan Data Breach
275
CRITICAL-61
UK-1692216102125
A catastrophic data breach at the UK’s Ministry of Defence (MoD) exposed the personal details of 33,000 Afghans—individuals at risk from the Taliban due to their ties to British forces. The leak occurred when a highly classified Excel spreadsheet containing sensitive data was emailed to an unauthorized external recipient. The breach triggered a covert evacuation program but was concealed from the public and MPs for nearly two years under a superinjunction, only revealed after a prolonged legal battle by media outlets, including The Independent. The UK’s data regulator, the Information Commissioner’s Office (ICO), opted not to launch a formal investigation, citing reliance on the MoD’s 'honesty' and claiming resource constraints. No contemporaneous notes were taken due to the classified nature of the information, raising concerns over institutional failures. MPs criticized the ICO’s handling, describing it as ‘a few unrecorded meetings and a handshake’, while the MoD’s data practices were condemned as ‘top-secret information bandied about like confetti’. The breach risked life-threatening consequences for exposed Afghans, with no accountability or systemic reforms enforced until public scrutiny forced limited action in 2024.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
APRIL 2024
364
Breach
01 Apr 2024 • UMD
UK Ministry of Defence (MoD)
Afghan Data Breach and Relocation Assistance Dispute
313
CRITICAL-51
UK-4933149101325
The Afghan data breach involved the unauthorized exposure of sensitive personal data belonging to Afghan nationals, including QP1 and another claimant (QP2), who had worked with or were associated with UK forces during the Afghanistan conflict. The breach led to the leak of identities, roles, religious affiliations (e.g., Shia/Hazara), and perceived associations (e.g., falsely labeled as a 'spy'), placing individuals at severe risk of Taliban retaliation, persecution, or targeted violence. The UK government’s Defence Secretary refused relocation assistance in April 2024, arguing the claimants did not meet the 'highest risk' threshold, despite their vulnerable status.The judicial review challenge (dismissed in June 2025) highlighted systemic failures in risk assessment, where misclassification of high-profile status and underestimation of ethnic/religious threats (e.g., Hazara Shia minority) were central. The breach’s fallout included legal battles over accountability, with closed proceedings (e.g., 'Afghan superinjunction') obscuring full transparency. The incident underscores gaps in post-conflict data protection, where leaked information directly endangers lives, particularly in regions under hostile regime control. The case reflects broader governmental negligence in safeguarding at-risk collaborators, with long-term reputational and humanitarian consequences.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
AUGUST 2023
352
Breach
01 Aug 2023 • UMD
Ministry of Defence (MoD)
Data Breach of Afghan Personal Details by UK Ministry of Defence
292
CRITICAL-60
UK-707072025
The Ministry of Defence (MoD) experienced a significant data breach where the names and details of more than 19,000 people were leaked. This breach occurred when an unnamed official emailed a spreadsheet outside the government team processing Afghan relocation applications, leading to the data entering the public domain. The leak was discovered in August 2023 when names of individuals who applied to move to the UK appeared on Facebook. Many Afghans now fear retribution from the Taliban, and the MoD has stated it will not provide compensation or proactively give payouts to those affected. The breach has led to significant distress and worries for the affected families, who are seeking relocation to safer countries.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JULY 2023
403
Breach
01 Jul 2023 • UMD
Ministry of Defence (MoD), UK Government
UK Ministry of Defence (MoD) Afghan Resettlement Scheme Data Breach
343
CRITICAL-60
UK-22100222110425
In a catastrophic data breach, the UK Ministry of Defence (MoD) inadvertently leaked the personal details of 18,700 applicants to the Afghan resettlement schemes, exposing highly sensitive information that placed thousands of vulnerable individuals—including Afghan interpreters, allies, and their families—at severe risk of retaliation, persecution, or harm. The breach was concealed under an unprecedented 18-month superinjunction, blocking public and parliamentary scrutiny while the government failed to address the fallout effectively. Despite the legal gag being lifted in July 2023, 4,200 eligible applicants and their families remain stranded, awaiting relocation under the scheme. The incident revealed systemic failures in data protection, transparency, and accountability, with MPs and journalists highlighting a culture of secrecy within the MoD. The breach not only endangered lives but also undermined trust in the UK’s resettlement programs and its commitment to protecting at-risk Afghans who had assisted British forces.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JUNE 2022
439
Breach
16 Jun 2022 • UMD
Ministry of Defence (MOD), UK
MOD Afghan Citizens Data Breach (2022)
297
CRITICAL-142
UK-2893428111425
In 2022, the UK’s Ministry of Defence (MOD) suffered a severe data breach involving the accidental leak of personal details of ~19,000 Afghan citizens seeking refuge in the UK post-Taliban takeover. The breach occurred due to insecure handling of Excel spreadsheets on a SharePoint site, exposing sensitive information that led to 49 confirmed deaths (linked to Taliban reprisals) and placed thousands more at risk. The incident, concealed under a superinjunction until 2024, has incurred an estimated £850 million in costs (excluding legal/compensation claims, which could push totals into billions). The Public Accounts Committee (PAC) criticized the MOD for systemic failures, including outdated IT infrastructure, lack of cybersecurity specialists, and repeated breaches (e.g., a 2023 leak of military personnel data). The breach’s fallout includes operational disruptions, reputational damage, and potential long-term geopolitical consequences, as compromised Afghans included interpreters and allies critical to UK missions. The PAC demanded urgent reforms, including modernized systems and enhanced recruitment of digital security experts to prevent future incidents.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2022
549
Breach
01 Feb 2022 • UMD
UK Ministry of Defence (MoD)
UK Ministry of Defence (MoD) Data Breaches Related to Afghan Relocations and Assistance Policy (ARAP)
407
CRITICAL-142
UK-5033050102025
The UK Ministry of Defence (MoD) disclosed 49 data breaches tied to its Afghan Relocations and Assistance Policy (ARAP) and related schemes, exposing sensitive personal data of Afghan nationals who worked with the UK government. The most severe incident—a February 2022 spreadsheet error—compromised 18,700 individuals, with mitigation costs estimated at £850 million. Other breaches included blind carbon copy (BCC) email failures (fined £350,000 by the ICO), WhatsApp messages with insecure personal data, emails sent to wrong recipients (including non-relevant entities like a sports club), misclassified emails, and a laptop screen displaying sensitive data in public. Only 5 of 49 incidents were reported to the ICO, though the watchdog deemed the MoD’s reporting judgment satisfactory. The breaches risked endangering Afghan allies by exposing their identities to potential Taliban retaliation, while also damaging the MoD’s reputation and operational trust.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
OCTOBER 2021
672
Breach
01 Oct 2021 • UMD
Ministry of Defence (MoD), UK
Multiple Data Breaches in UK Ministry of Defence's Afghan Relocations and Assistance Policy (ARAP)
530
CRITICAL-142
UK-5762957102325
The UK Ministry of Defence (MoD) disclosed 49 data breaches tied to its Afghan Relocations and Assistance Policy (ARAP) and related schemes for Afghan nationals who aided UK forces. The most severe incident—a February 2022 spreadsheet error—exposed 18,700 Afghans’ personal data, including those seeking UK resettlement after the Taliban’s return. The breach, concealed under a super-injunction until July 2025, incurred £850M+ in mitigation costs and risked endangering lives by revealing identities to hostile actors. Other breaches included: - Blind carbon copy (BCC) failures (3 incidents, £350K ICO fine), exposing email recipients’ identities. - WhatsApp messages with insecure personal data. - Misdirected emails (e.g., sent to the Civil Service Sports Club or with incorrect classification levels). - Physical exposure: An MODNET laptop screen displaying sensitive data on public transport. - Microsoft Forms incident (October 2021), further compromising data. Only 5 of 49 incidents were reported to the ICO, though the watchdog accepted the MoD’s risk assessments. The breaches stemmed from operational negligence during high-stakes relocation efforts, heightening risks for vulnerable Afghan allies. The Defence Select Committee is investigating the 2022 breach under a broader inquiry.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
AUGUST 2021
718
Breach
01 Aug 2021 • UMD
Ministry of Defence (MoD), UK
UK Ministry of Defence (MoD) Afghan Data Breach and ICO Enforcement Concerns
667
CRITICAL-51
UK-5521755112425
The Afghan data breach involved the unauthorized disclosure of sensitive personal information belonging to Afghan nationals who had collaborated with British forces prior to the Taliban’s takeover in August 2021. The leak exposed names and other identifying details, placing these individuals—and potentially their families—at severe risk of retaliation, persecution, or fatal harm under Taliban rule. Despite the gravity of the breach, the UK’s Information Commissioner’s Office (ICO) opted not to launch a formal investigation into the MoD, nor did it impose any enforceable penalties. Critics argue this reflects a broader systemic failure in enforcement, where the ICO’s ‘public sector approach’—relying on non-binding reprimands rather than legal action—undermines deterrence and accountability. The breach is deemed one of the most serious in UK history, with life-threatening consequences for affected individuals, yet regulatory inaction has left victims without recourse. The incident has also eroded trust in the ICO’s ability to uphold data protection laws, particularly in high-stakes government failures.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2021
790
Breach
16 Jun 2021 • UMD
Ministry of Defence (MoD), UK
Dozens of UK Afghan Data Breaches Uncovered at Ministry of Defence (MoD)
716
CRITICAL-74
UK-0893808100325
The UK Ministry of Defence (MoD) experienced 49 separate data breaches over four years within its Afghan Relocations and Assistance Policy (ARAP) unit, which handles relocation applications for Afghans at risk due to their work with British forces. The most severe incident involved a spreadsheet leak in 2022, where a soldier unknowingly shared hidden data containing personal details of nearly 19,000 Afghans, including names, contact information, and family associations. This breach, suppressed by a gagging order until 2024, risked exposing vulnerable individuals to Taliban reprisals. Other breaches included email misconfigurations (e.g., 265 Afghans’ email addresses exposed in 2021) and repeated failures in data handling protocols despite remedial measures like the 'two pairs of eyes' review rule. The breaches prompted fines (e.g., £350,000 for the 2021 email incident), legal scrutiny, and criticism over lax security culture, with lawyers and data protection experts questioning the MoD’s ability to safeguard highly sensitive information. The ICO acknowledged ongoing engagement but took no further action on the largest breach, citing resource constraints. Political blame shifted between Conservative and Labour administrations, with the latter claiming improved measures post-2024.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for UMD ??
What was UMD's A.I Rankiteo Cyber Score in June 2026 ??
What was UMD's A.I Rankiteo Cyber Score in May 2026 ??
What was UMD's A.I Rankiteo Cyber Score in April 2026 ??
What was UMD's A.I Rankiteo Cyber Score in March 2026 ??
What was UMD's A.I Rankiteo Cyber Score in February 2026 ??
What was UMD's A.I Rankiteo Cyber Score in January 2026 ??
What was UMD's A.I Rankiteo Cyber Score in December 2025 ??
What was UMD's A.I Rankiteo Cyber Score in November 2025 ??
What was UMD's A.I Rankiteo Cyber Score in October 2025 ??
What was UMD's A.I Rankiteo Cyber Score in September 2025 ??
What was UMD's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on UMD's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with UMD ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view UMD's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?