Latest news with #dataBreach
The Independent
2 days ago
- Politics
- The Independent
Afghans ‘at risk of being radicalised in the UK' as Home Office urged to investigate threat
Afghans evacuated to safety in Britain are at risk of being radicalised because they may feel let down by their new life in the UK, a review into the catastrophic Ministry of Data data leak has warned. Paul Rimmer, the former deputy head of Defence Intelligence who led the government's review into the data breach, warned that competing pressures on the UK housing system and wider public services meant there was a 'growing gap' between the expectations and reality of life in Britain for Afghans who resettle here. His review urged the Home Office to investigate the risk of radicalisation further, warning that Afghanistan is 'becoming a base for a wide range of terrorist groups'. Under secret plans to evacuate Afghans affected by the breach to the UK, ministers had approved a scheme which estimated that ten per cent of refugees could become homeless. Those brought to Britain are housed in temporary accommodation for nine months before, in most cases, being expected to find their own homes. The review found that many might not have anywhere to live long-term. The findings were revealed in a new version of the report, which was shared with media parties to the superinjunction case, after a private version of the report was 'opened-up' by lawyers, allowing it to be shared. Mr Rimmer's review said experts, including NGOs and independent case workers, who gave evidence to the review, 'expressed concern around the risk that resettled Afghans could be radicalised in the UK'. It said there 'is a risk of a growing gap between resettled Afghans' expectations, and the reality of what ever-more stretched domestic services can deliver'. Some experts also 'highlighted concerns around the extent to which Afghanistan is becoming a base for a wide range of terrorist groups', prompting Mr Rimmer to urge the Home Office to investigate the issue 'in more detail'. It was revealed last week that around 18,700 Afghans who had applied to relocate to Britain over safety fears had their names and contact details exposed in a catastrophic MoD data leak. The breach happened when a member of the armed forces emailed a secret database to trusted contacts in February 2022. The blunder, which was only discovered in August 2023, resulted in some 16,000 Afghans being relocated to Britain as part of a covert operation over fears they would be targeted by the Taliban The operation was only publicly revealed last Tuesday after an unprecedented superinjunction banning details of the leak from being reported was lifted after nearly two years of secrecy. The trigger behind the lifting of the was Mr Rimmer's review which concluded that, while the Taliban does commit reprisals against former Afghan security forces, being identified on the dataset was unlikely to constitute sole grounds for targeting. It comes as prime minister Sir Keir Starmer told MPs on Monday that ministers were 'quite uncomfortable' about the continuing superinjunction when they discovered its existence on taking office in 2024. Sir Keir told the Liaison Committee: 'It was a shocking inheritance, we inherited the breach, the injunction and a secret scheme. A number of us were quite uncomfortable about that which is why we set up the review to ask the question, is it necessary for these arrangements still to be in place? That produced an answer, which was no.' Asked why it took Labour a year to come to that view, Sir Keir responded: 'It was a very complicated review... I wanted the review to be as careful as it could be. That was a risk assessment which held people's lives in it.' The prime minister's comments come as an accompanying report to the policy review revealed that more than 1,300 Afghans have become homeless and been given emergency housing help by councils since July 2023. Over 100 families were living in temporary accommodation, such as B&Bs and hotels, as of April this year. Under the government's Afghan Resettlement Programme, which covered public and secret resettlement routes for Afghans to come to the UK, around 10 per cent of Afghans were estimated to become homeless. Officials estimated this would be around 730 people a year, but the government review said this was 'overly optimistic', as it was overly reliant on Afghan families being able to find their own private rented accommodation. Ministers have now closed the secret ARR scheme, but will honour sanctuary invitations already sent out and will continue to process cases in the two public Afghan resettlement schemes. A government spokesperson said that all arrivals 'have to undergo robust security checks, including for national security. If they don't pass these checks, they are not granted indefinite leave to remain in the UK'. He added that the government is 'working with local authorities to ensure housing solutions meet the needs of the UK population, as well as Afghans who are resettling here'.
Daily Mail
5 days ago
- Politics
- Daily Mail
Government will 'robustly defend' any compensation claims from thousands of Afghans whose lives were put at risk by massive data breach
Thousands of Afghans included on a list of people trying to flee the Taliban are unlikely to receive compensation after their details were accidentally leaked. A spokesman for the Ministry of Defence (MoD) said the Government would 'robustly defend' any legal action or bid for compensation, adding these were 'hypothetical claims'. It has also been reported that the MoD will not proactively offer compensation to those affected. The data breach, which saw details of 18,714 applicants for the Afghan Relocations and Assistance Policy (Arap) scheme released in 2022, prompted an unprecedented gagging order amid fears the Taliban could target would-be refugees for reprisals. It also saw the establishment of a secret scheme, the Afghanistan Response Route (ARR), to bring some of those affected to the UK. But the MoD spokesman pointed to an independent review which found there is now little danger that appearing on the leaked spreadsheet would be enough to result in being targeted by the Taliban. Hundreds of data protection claims are expected to be lodged, with the High Court hearing earlier this week that a Manchester-based firm already had several hundred prospective clients. Previous Afghan data breaches led to the MoD compensating people whose details were leaked. Earlier this month, before the superinjunction preventing reporting of the 2022 leak was lifted, armed forces minister Luke Pollard announced £1.6 million in compensation for a separate incident involving the release of Afghan nationals' data. Mr Pollard said the MoD had agreed to pay up to £4,000 to each of the 265 people whose details were mistakenly copied into emails sent by the Government in September 2021. That breach also saw the Government fined £350,000 by the Information Commissioner's Office (ICO). But the ICO has said it will take no further action in relation to the larger 2022 breach, with Information Commissioner John Edwards saying there was 'little we could add in this case' given the 'high degree of public scrutiny' the MoD was already facing. In total, the Government expects 6,900 people to be brought to the UK under the ARR scheme, with costs reaching £850 million. Along with the Afghan nationals, the breach saw details of more than 100 British officials compromised, including special forces and MI6 personnel. It comes as the Mail revealed that Taliban warlords are on a vengeful killing spree against hundreds of Afghans after the Government lost the top secret database. One man was shot by a gunman who stepped from an alley on Monday and fired four bullets at close range into his chest – one of three assassinations in the past seven days. The brother of the former interpreter (above) was beaten by the Taliban demanding to know where his brother was hiding and if he had worked for the UK Panic has been spreading since Tuesday when Afghans were officially informed their personal details had been lost in the UK's worst ever data blunder, putting 100,000 'at risk of death'. Thousands received 'notifications' from His Majesty's Government saying sorry, and adding: 'We understand this news may be concerning.' It is not known if the Taliban actually has the database, which includes names of Afghans who helped the UK , as well as members of the British intelligence community, it is understood. But one Afghan soldier, who fled to Britain for fear of retribution, believes his brother was gunned down in the street this week because the militant group was aware of his affiliation to the UK. He said: 'If or when the Taliban have this list, then killings will increase – and it will be Britain's fault. There will be many more executions like the one on Monday.' The Mail has seen a dossier of more than 300 murders that include those who worked with the UK and some who had applied for the UK scheme, the Afghan Relocations and Assistance Policy (ARAP).
TechCrunch
6 days ago
- TechCrunch
Hackers are trying to steal passwords and sensitive data from users of Signal clone
Hackers are targeting a previously reported bug in the Signal clone app TeleMessage in an effort to steal users' private data, according to security researchers and a U.S. government agency. TeleMessage, which earlier this year was revealed to be used by high-ranking officials in the Trump administration, already experienced at least one data breach in May. The company markets modified versions of Signal, WhatsApp, and Telegram for corporations and government agencies that need to archive chats for legal and compliance reasons. On Thursday, GreyNoise, a cybersecurity firm with visibility into what hackers are doing on the internet thanks to its network of sensors, published a post warning that it has seen several attempts to exploit the flaw in TeleMessage, which was originally disclosed in May. If hackers are able to exploit the vulnerability against their targets, they could access 'plaintext usernames, passwords, and other sensitive data,' according to the firm. 'I was left in disbelief at the simplicity of this exploit,' GreyNoise researcher Howdy Fisher wrote in a post analyzing the flaw. 'After some digging, I found that many devices are still open and vulnerable to this.' According to the researcher, exploiting this flaw is 'trivial,' and it seems that hackers have taken notice. Contact Us Do you have more information about these attacks? Or about TeleMessage? We'd love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or Do you have more information about these attacks? Or about TeleMessage? We'd love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email . In early July, U.S. cybersecurity agency CISA listed the flaw — designated officially as CVE-2025-48927 — to its catalog of Known Exploited Vulnerabilities, a database that collects security bugs that are known to have been exploited by hackers. In other words, CISA says hackers are successfully exploiting this bug. At this point, however, no hacks against TeleMessage customers have been publicly reported. In May, TeleMessage, which at that point was a little-known alternative to Signal, became a household name after then-U.S. National Security Advisor Mike Waltz accidentally revealed he was using the app. Waltz had previously added a journalist to a highly sensitive group chat with other Trump administration officials, where the group discussed plans to bomb Yemen, an operational security snafu that caused a scandal leading to Waltz's ousting. After TeleMessage was identified as the app Waltz and others in the administration used to communicate, the company was hacked. Unknown attackers stole the contents of users' private messages and group chats, including from Customs and Border Protection, and the cryptocurrency giant Coinbase, according to 404 Media, which first reported the hack. TeleMessage did not immediately respond to a request for comment.
The Independent
16-07-2025
- Politics
- The Independent
Political superinjunctions put governments beyond the law – these powers must never be used again
In his first remarks about the Afghan leak affair, Sir Keir Starmer declared to the Commons that former Conservative ministers have ' serious questions to answer ' over the data breach. The prime minister was right about that. However, he should resist the temptation to over-politicise the issue, even as parliament and the media intensify their efforts to uncover the truth. Sir Keir has, after all, been in power for a year. While, in principle, his government could have moved more quickly to lift the extraordinary superinjunction, which shut down any possibility of scrutiny of this blunder for three years, we must remember it was the Conservative government that applied for the injunction in the first instance. Sir Keir, a very senior lawyer who well understands such matters, was reportedly 'angry' when he became prime minister and learned of the gagging order. Meanwhile, the defence minister, John Healey, acknowledged the scandal's potential to erode political trust, expressing that he is 'deeply concerned about the lack of transparency' caused by the superinjunction. The principal culpability in this tragic fiasco obviously lies with the party in power at the time – it was the Conservatives' mess, but Sir Keir will also need to explain why he didn't order his government lawyers to lift the superinjunction immediately. The staggering cost of the cover-up was beginning to look 'bonkers'. Mr Justice Chamberlain called the statement to provide 'cover' a 'very, very striking thing' and said it was 'fundamentally objectionable' that government decisions about thousands of lives and billions of pounds were made without scrutiny from parliament or the public. We certainly do know that this whole episode, and the treatment of Britain's former Afghan allies, has been shameful. In fact, that would be true even if the data breach had never happened. The Independent is proud of its campaign to secure just treatment for the members of the Afghan special forces who served alongside troops from Britain, the US and other nations in that long, pitiless 'war on terror'. Many of these fighters in the Afghan forces, known as the 'Triples' after their unit numbers, had been effectively abandoned as soon as Kabul fell, long before the leak. There were schemes to offer Afghans in danger refuge in the UK. That was an honourable thing to do, but in practice the Ministry of Defence and the Home Office showed great reluctance to act with any urgency after the British and Americans had scuttled out of the conflict, and many Afghans were left in limbo – hiding in Afghanistan or else in Pakistan, permanently at risk of being deported to their deaths. It bears repeating that these are not 'economic migrants' and would never have dreamt of coming to live virtually on the other side of the planet had George W Bush and Tony Blair not decided to invade their country in 2001. The Triples did not ask for that, but they did volunteer to fight with the allies for freedom. They were promised victory over the Taliban; instead they were left behind. Now, we discover that, without their knowledge, they were placed in mortal danger by the leak; even after it was brought to the attention of British ministers – and long after specific details about their role and their family members had found its way out of the Ministry of Defence and, in part, on to Facebook. Betrayed in the chaos of the allies' withdrawal in August 2021, they were thus betrayed once again, even after the government learned of the data breach in August 2023 and did so little to get them to safety, or even to inform them. The Independent publicly raised their plight three months later, in November 2023, when their jeopardy was even more acute. Following this publication's investigation, the Ministry of Defence admitted their decision-making was 'not robust' and announced a review of around 2,000 applications to the resettlement programme. It transpires that about a half of the Afghan ex-commandos initially identified for relocation to the UK were affected by the data breach. The Triples only found out about the blunder as the legal order was lifted this week. Mr Healey now tells parliament that he can't say if any Afghan heroes died at the hands of the Taliban because of the incompetence, negligence and indifference of the British government. That's a low point. Indeed, there are questions to answer. There will be parliamentary inquiries. The press, at last, is able to try to hold those responsible to account, and the ministers and officials involved will have an opportunity to explain and to defend themselves. Everyone from the member of the armed forces who sent the original email to the wrong people on a computer outside the official network to the then prime minister, Rishi Sunak, will be required to give evidence. So should Sir Keir and Mr Healey, who inherited the problem, and launched the Rimmer review into the current risks to the Afghans. Successive chancellors will need to account for how the cost, amounting to billions, was dealt with secretly. Internal memos and notes of meetings should be disclosed. Ben Wallace and Sir Grant Shapps, the defence secretaries in charge at the time of the breach and later legal actions, respectively, will be key witnesses. Even the speaker of the House of Commons, Sir Lindsay Hoyle and his counterpart in the upper chamber, John McFall, will have to give their own version of events and explain their apparent acquiescence in the suppression of parliamentary privilege, which, as Sir Lindsay himself says, 'raises substantial constitutional issues'. Having a speaker appear before a select committee may be unprecedented, but so is everything about this story. After such a long period of intense secrecy, the details of this scandal are still stumbling into the bright glare of public scrutiny. There will be much more embarrassment and shame to come. Transparency has been restored, thanks to our free press, but not yet full accountability. This scandal shows that once this veil of secrecy is in place for legitimate reasons, it can be all too easily used to cloak terrible blunders and duck scrutiny. There are probably no other such political superinjunctions in force, but there should never be any. The law must be changed so that one of the British legal system's most formidable weapons cannot be secretly abused in this way for as long as it has been. The alternative allows for some future populist-authoritarian government to slide into a Trumpian pattern of absolutism, placing itself safely beyond unwelcome investigation. Nothing remotely like this affair should happen again – and any remaining Triples at risk need to be evacuated. No more delays.
Telegraph
16-07-2025
- Politics
- Telegraph
MoD warns lawyers it will ‘fight them hard' on Afghan leak compensation
The Ministry of Defence has warned law firms suing for compensation for the Afghan leak victims that it will 'fight them hard'. At least two practices have vowed to take legal action against the Government on behalf of hundreds who claim they were affected by the most damaging data breach in British history. The 2022 leak of details of 18,800 Afghans, along with about 6,000 of their family members, was revealed on Tuesday after a super-injunction was lifted by the High Court. Hundreds of Afghans say the leak by a Royal Marine risked their lives. Compensation cases could cost taxpayers nearly £1bn, with two legal firms saying they are representing clients. However, a spokesman for the MoD said: 'We will do everything possible to defend against any compensation claims. 'We have taken appropriate action in line with the level of risk these individuals faced. Any claims we do get, we will fight them hard.' It is not clear what the MoD's defence would be, and the ministry would not elaborate on this. The breach occurred in February 2022, when the Marine emailed a group of Afghans, accidentally including a spreadsheet naming nearly 25,000 Afghans applying for asylum on the basis they had worked with the British Army, as well as identifying their family members. Law firms are approaching clients to sue the MoD, including Barings Law, based in Manchester, which is acting on behalf of at least 1,000 Afghans who claim they were affected. It was reported the firm sent messages on WhatsApp groups urging Afghans to sign up to the legal case on the expectation they would be given large sums of money, without being able to explain the grounds without breaching the super-injunction. It hopes to claim £50,000 from the MoD for each individual involved in the breach. If all 18,800 soldiers make a successful claim, the compensation bill could be as high as £940m. That sum could grow if any of the Afghan soldiers' family members join the legal claim, taking it towards £1 billion in total. Adnan Malik, head of data protection at Barings Law, said: 'This is an incredibly serious data breach, which the MoD has repeatedly tried to hide from the British public. 'It involved the loss of personal and identifying information about Afghan nationals who have helped British forces to defeat terrorism and support security and stability in the region. 'Through its careless handling of such sensitive information, the MoD has put multiple lives at risk, damaged its own reputation, and put the success of future operations in jeopardy by eroding trust in its data security measures.' Second firm involved The Telegraph can reveal that a second law firm, Leigh Day, is acting for potential clients. A spokesman said the firm had been contacted by clients who had been told by the MoD that their details were part of the data breach. Others approached Leigh Day via its website after reading about its work. Sean Humber, a data breach lawyer, said: 'We are acting for clients affected by the data breach who remain in Afghanistan and others who are now in the UK. 'The priority must be ensuring the safety of those affected by the data breach who remain in Afghanistan. 'The level of compensation is likely to be in the thousands, although the exact amount is likely to vary and will probably be higher for those remaining in Afghanistan compared to those that have successfully relocated to the UK.' The firm said it could not say how many clients it had or how much compensation they were seeking. The leak came to light in 2023, when an anonymous Facebook user posted extracts of the data on the social media site. MoD officials contacted Meta, the company that owns Facebook, and the posts were deleted within three days. However, the Government decided it had no choice but to offer asylum to the Afghans affected because the leak had left them at risk of reprisals from the Taliban. The breach has only just come to public attention after an unprecedented super-injunction was lifted by the High Court. The MoD's combative approach to compensation is a marked contrast to the Tory government's stance over a previous 'BCC incident' in 2021. Then, the MoD mistakenly exposed the personal information of 277 Afghan nationals, some of whom had worked for the British government and were in hiding from the Taliban. A mass email was sent to those, such as interpreters, who could be targeted by the Taliban and were eligible to be relocated. Their emails were added to the 'To' field instead of the 'blind carbon copy' section, meaning their names could be seen by all recipients. The Tory government agreed to set up a taxpayer-funded compensation scheme, which Labour agreed to honour with an offer of up to £4,000 for each of the victims. But they will not do the same for the latest data breach, which is on a much larger scale and could have put 100,000 lives at risk.
