Unveiled covert £850 million program by the government: Granting asylum to Afghans following a data leak incident

Unveiled covert £850 million program by the government: Granting asylum to Afghans following a data leak incident

In early 2022, a serious data breach occurred within the UK's Ministry of Defence (MoD), leaking personal data of approximately 19,000 applicants involved in the Afghan Citizens Resettlement Scheme (ACRS). This sensitive information, including names, contact details, and family data, exposed vulnerable individuals to renewed threats from the Taliban, undermining their safety despite the government's protective efforts.

The ACRS, initially established to assist Afghans who had aided British forces and diplomats and were at risk of Taliban retaliation, is now closed for new referrals. As of July 2025, all eligibility decisions for the scheme's first stage (Pathway 3) have been completed. The government continues to facilitate the relocation of those already approved, with a focus on Afghans and certain eligible nationals from other countries, including spouses and dependent children under 18. Strict conditions apply for security screening, and individuals implicated in severe crimes are ineligible.

The cost of the ACRS, part of a broader billion-pound plan linked to rescuing and resettling Afghans who assisted British forces, amounted to around £850 million. The data breach has triggered significant concerns about safeguarding sensitive personal information and protecting vulnerable populations. The leak may have legal implications, including potential scrutiny over data protection and governmental responsibility to secure personal data. However, specific legal actions or consequences have not been publicly detailed.

The leak came from a soldier who inadvertently sent a list of names to Afghan contacts. The full details of the leak were only revealed after a superinjunction was lifted on Tuesday. The government has faced criticism for seeking to cover up details of the leak, potentially leading to a potential lawsuit against the government.

Sean Humber, a prominent figure, has called for a thorough and independent review of the MOD's data processing policies and practices to prevent further breaches. Emily Keaney, deputy commissioner at the Information Commissioner's Office (ICO), states that no regulatory action will be taken against the MoD as it has taken necessary steps to prevent another breach.

The Afghan relocation scheme may face questions regarding its potential impact on the asylum system. Afghanistan is the main nationality for around 15% of all individuals involved in small boat crossings since 2018. The government continues to work with international partners and NGOs to support eligible Afghans at risk in the region, beyond the closure of the scheme for new enrollments.

The breach is expected to cost the government £850m and 6,900 people are expected to be relocated by the end of the scheme. The government has set aside £6bn to offer asylum to Afghans involved in the breach, putting pressure on government spending. The full revelations of the leak and associated costs come at a time when public finances are under strain, with city analysts predicting the government will have to raise as much as £24bn in taxes later this year to plug gaps.

Data protection should never be a barrier to sharing information when needed to prevent harm, according to Emily Keaney. John Healey stated that withholding information from parliament was "deeply uncomfortable." The leak of identities of thousands of Afghans, including those applying for asylum, is considered a "serious departmental error" and a breach of data protection protocols. Despite the ongoing efforts to rectify the situation, the existence of the list could still pose risks to Afghans.

The Afghan Citizens Resettlement Scheme, initially intended as a gesture of gratitude and protection, has faced unforeseen challenges. As the government continues its work to support eligible Afghans, the call for a thorough review of data processing policies and practices remains a pressing concern.

1. The data breach from the UK's Ministry of Defence in early 2022, regarding the Afghan Citizens Resettlement Scheme (ACRS), has posed legal implications due to potential scrutiny over data protection and governmental responsibility for securing personal data, particularly concerning £850m spent on the scheme.
2. The breach may have further implications for the ACRS, as it might impact the asylum system given that Afghanistan is the main nationality for around 15% of individuals involved in small boat crossings since 2018.
3. The cost of the data breach, estimated at £850m, has put pressure on government spending, with city analysts predicting the government will have to raise as much as £24bn in taxes later this year to plug gaps, due to the expense of the ACRS and the anticipated relocation of 6,900 people.
4. The Afghan relocation scheme may face criticism for covering up details of the data breach, potentially leading to a potential lawsuit against the government, while the Information Commissioner's Office (ICO) has stated that no regulatory action will be taken against the MoD as it has taken necessary steps to prevent another breach.
5. Sean Humber calls for a comprehensive and independent review of the Ministry of Defence's (MoD) data processing policies and practices to uphold data protection and prevent future breaches, addressing concerns over sensitive information leaks that could harm vulnerable populations and undermine their safety.

Read also: