By U.S. Marine Corps photo by Lance Cpl
Thousands of Afghans were quietly relocated to the UK under a covert scheme created after a British government official accidentally leaked their personal information, it has now been revealed.
In February 2022, the personal data of nearly 19,000 people who had applied to come to the UK following the Taliban’s return to power was exposed. The breach, involving names, contact details, and family information of those at risk of Taliban reprisals, went undisclosed for more than three years.
The leak was only brought to public attention on Tuesday, following a High Court ruling that lifted a government-imposed superinjunction. The injunction had prevented any reporting on the leak, the government’s response, and the secretive resettlement programme set up in its aftermath.
The government became aware of the breach in August 2023, more than a year after it occurred. In response, officials quietly created a new relocation initiative — the Afghan Relocation Route — nine months later. Since then, 4,500 Afghans have been resettled in the UK through the programme, with a further 600 individuals and their immediate families still awaiting transfer.
The scheme, which has cost £400 million to date and is projected to require an additional £400–£450 million, is now being wound down. However, all existing relocation commitments will still be fulfilled, officials said.
The Ministry of Defence confirmed that the leak was caused by an unnamed official who mistakenly sent a spreadsheet outside authorised government channels. Although serious, the incident did not prompt a police investigation, with the Metropolitan Police deeming it unnecessary.
Speaking in the House of Commons, Defence Secretary John Healey issued a formal apology, calling the breach a “serious departmental error.” He explained that the spreadsheet’s contents surfaced on Facebook, prompting immediate concern over potential Taliban access.
Healey revealed the leaked data included the identities of senior military personnel, government officials, and members of Parliament. It was one of several data security failures associated with the chaotic evacuation of Afghanistan in August 2021, when the Taliban quickly regained control of Kabul following the withdrawal of US troops.
Despite the gravity of the breach, the Ministry of Defence has not disclosed whether any individuals were arrested or killed as a result. An independent review concluded that it was “highly unlikely” someone would be specifically targeted due to the leak. The same review described the secret relocation scheme as an “extremely significant intervention,” acknowledging that while the threat was potentially limited, the government’s action was substantial and appropriate.
In court on Tuesday, Mr Justice Chamberlain said it was “quite possible” that some who saw the Facebook post containing the leaked data were Taliban infiltrators or relayed the information to Taliban-aligned individuals.
Affected individuals were only notified this week, with an official email advising them to “exercise caution” online and avoid contact from unknown sources.
The Defence Secretary said that those resettled under the secret programme had already been included in the UK’s immigration figures.
The revelation dates back to the aftermath of the UK’s involvement in the Afghanistan evacuation, when the Afghan Relocations and Assistance Policy (Arap) scheme was launched to help Afghans in danger move to the UK. That effort has been widely criticised. A 2022 Foreign Affairs Committee inquiry labelled the evacuation a “disaster” and a “betrayal.”
Following the discovery of the leak and the launch of the Afghan Relocation Route in 2023, the government obtained a rare superinjunction from the courts — an order so strict it not only barred publication but prevented any acknowledgement that such an order existed. This unprecedented legal move silenced media outlets and public officials alike.
Even John Healey, then serving as the opposition shadow defence secretary, said he had been prohibited from discussing the issue due to the sweeping legal restrictions.
Delivering his summary judgment, Mr Justice Chamberlain sharply criticised the government’s use of the injunction, saying it raised “serious free speech concerns.”
He said the superinjunction “completely shut down the ordinary mechanisms of accountability which operate in a democracy,” and warned that it had created a “scrutiny vacuum.”
Shadow defence secretary James Cartlidge, who served in government when the secret scheme was implemented, acknowledged the severity of the situation. “This data leak should never have happened and was an unacceptable breach of all relevant data protocols,” he said.
Erin Alcock, a lawyer at the firm Leigh Day, which represents hundreds of Arap applicants and their families, called the incident a “catastrophic failure.”
The full implications of the breach — and the extraordinary efforts made to contain its fallout — are only now beginning to come into public view.
