Security committee launches inquiry into Afghan data leak

Parliament's intelligence watchdog has announced it will launch an inquiry into a major data breach which compromised the identities of thousands of Afghans and British military officials.

The data leak prompted a super-injunction which meant the Intelligence and Security Committee (ISC), which routinely reviews sensitive material, was not briefed until last week.

Chairman Lord Beamish said all intelligence documents related to the case should be provided "immediately" for review.

A Ministry of Defence (MoD) spokesman said the government strongly welcomed the committee's scrutiny of the data leak.

The ISC oversees the work of MI5, MI6 and the Government Communications Headquarters (GCHQ).

In a statement on Monday, Lord Beamish said the cross-party group would "conduct an inquiry into the intelligence community's role and activity in connection with the loss of data" after considering defence assessments related to the case.

The peer had previously voiced concern over "serious constitutional issues" raised by the handling of the breach, which went undiscovered for more than a year before the gagging order was requested.

The ISC has argued that - under the Justice and Security Act 2013 - classification of material is not grounds on which information can be withheld from the committee, given its purpose is to scrutinise the work of the UK intelligence community.

An MoD spokesman said: "We recognise the urgent need to understand how these significant failures happened and ensure there's proper accountability for the previous government's handling of this matter.

"The Ministry of Defence has been instructed by the defence secretary to give its full support to the ISC and all parliamentary committees. If incumbent ministers and officials are asked to account and give evidence, they will."

The leak was made in February 2022 by someone working at UK Special Forces headquarters in London, who inadvertently emailed a spreadsheet containing more than 30,000 resettlement applications to an individual outside of government, thinking that he was sending data on just 150 people.

The data breach was only identified in August 2023, when a man in Afghanistan made a Facebook post identifying nine individuals and indicated he could release the rest, in a sequence of events that government sources said was "essentially blackmail".

The MoD applied for a gagging order in September 2023, due to the risk of reprisals from the Taliban against nearly 19,000 Afghans who were revealed to have worked with British forces in Afghanistan.

The High Court put a highly-restrictive super-injunction in place, meaning even the existence of the gagging order could not be reported until a judge lifted the order last week.

The discovery of the data breach forced the government to covertly set up the Afghanistan Response Route (ARR) to bring some 7,000 of those affected to the UK at a projected final cost of about £850m.

A spokesman for the MoD said the government would "robustly defend" any legal action or bid for compensation, adding these were "hypothetical claims".

It has also been reported that the MoD will not proactively offer compensation to those affected.