Up to 3,700 Afghans, troops and civil servants may be data-breach victims

Up to 3,700 Afghans, British troops and civil servants may have fallen victim to a fresh data breach, after an incident involving a Ministry of Defence-linked company.

Stansted-based Inflite The Jet Centre Ltd suffered a data security incident which led to “unauthorised access to a limited number of company emails”, according to the firm.

The company provides ground handling for flights operated under a contract involving the MoD and the Cabinet Office.

About 3,700 individuals are thought to be potentially affected by the incident, including Afghans who were brought the UK.

Troops

Troops travelling to routine military exercises and journalists accompanying ministers on official engagements are also among the potential victims.

“We were recently notified that a third party sub-contractor to a supplier experienced a cyber security incident involving unauthorised access to a small number of its emails that contained basic personal information,” a Government spokesperson said.

“We take data security extremely seriously and are going above and beyond our legal duties in informing all potentially affected individuals.

“The incident has not posed any threat to individuals’ safety, nor compromised any Government systems.”

Company emails

A statement published on Inflite The Jet Centre’s website reads: “We can confirm that Inflite The Jet Centre Limited recently experienced a data security incident involving unauthorised access to a limited number of company emails.

“We have reported the incident to the Information Commissioner’s Office and have been actively working with the relevant UK cyber authorities, including the National Crime Agency and the National Cyber Security Centre, to support our investigation and response.

“We believe the scope of the incident was limited to email accounts only, however, as a precautionary measure, we have contacted our key stakeholders whose data may have been affected during the period of January to March 2024.”

The data is not thought to have been shared publicly or released on the dark web.

In one email, seen by the PA news agency, the Cabinet Office told a passenger that there was “a risk” their visa details and information about their job had been leaked.

Passport details

Their passport details may also have been compromised. The notification read: “HM Passport Office advises that you do not need to cancel or replace your passport, as security measures are in place to prevent misuse without the physical document.”

The victim may be affected by the leak “because certain information is required by ground-handling companies to enable flights to depart and to arrive”.

In a separate notification reported in The Independent and The Times, the Government’s Afghan resettlement team said that Afghan Relocations and Assistance Policy (Arap) reference numbers may also have been leaked.

Some Afghans who fought alongside British forces have already had their data leaked, after a defence official released the details of 18,714 individuals “in error” in February 2022.