UK data regulator defends decision not to investigate MoD Afghan data breach

The UK's data protection regulator declined to launch an investigation into a leak at the Ministry of Defence that risked the lives of thousands of Afghans connected with the British Armed Forces.

The MoD was responsible for the accidental data breach, which took place in February 2022 and is likely to have cost more than £850 million. Evidence of the breach only came to light in July this year after a government superinjunction, imposed in August 2023, was lifted.

According to a report [PDF] from the National Audit Office (NAO), the MoD first became aware of the data breach in August 2023 when personal details of ten individuals from the dataset were posted to Facebook.

Speaking to MPs this week, Information Commissioner John Edwards, who oversees government data protection, said his office decided not to launch an investigation into the historic leak after meeting with MoD officials.

"During those ...