A contractor linked to the UK Ministry of Defence has suffered a cyber-attack, exposing personal data related to Afghan resettlement efforts.
The breach at Inflite The Jet Centre Ltd, a company providing ground services for flights linked to the UK’s defence ministry and the Cabinet Office, has affected up to 3,700 people.
These individuals, including Afghans seeking refuge as part of the Afghan Relocations and Assistance Policy, flew into London Stansted airport between January and March 2024.
The leak may have also released information of civil servants, soldiers on routine exercises, and journalists.
Inflite The Jet Centre Ltd confirmed the data breach, stating it involved “access to a limited number of company emails.” The company is working with the National Crime Agency and the National Cyber Security Centre on its investigation.
“We believe the scope of the incident was limited to email accounts only, however, as a precautionary measure, we have contacted our key stakeholders whose data may have been affected during the period of January to March 2024,” the statement said.
A government spokesperson emphasized that the incident has not posed any threat to individuals’ safety nor compromised any government systems.
“We take data security extremely seriously and are going above and beyond our legal duties in informing all potentially affected individuals,” they added.
This breach is the latest in a series of leaks involving private information of Afghan refugees, raising concerns over data security and privacy.
In February 2022, a separate breach by a defence official disclosed the personal data of 18,714 Afghans who had worked with British forces.
The UK high court granted a superinjunction to the Conservative government in 2023 to suppress information related to the breach, for which Labour Defence Secretary John Healey later issued an apology.
Campaigners have called for stronger oversight of contractors handling sensitive information, pointing out that outsourced companies often operate with weaker safeguards than government systems.
“The individuals affected by this breach are not just numbers on a database — they are people who trusted the UK with their safety,” a refugee rights group said in a statement.
Security experts warn that repeated breaches of this kind risk undermining confidence in government-run resettlement programmes. “For people whose lives may already be in danger, any compromise of personal information could have serious consequences,” a cyber-security analyst noted.