
The Ministry of Defence (MoD) has admitted to dozens more data breaches relating to Afghan relocation cases, a report revealed today, raising concerns of a “troubling pattern of negligence.”
A freedom of information request by the BBC revealed there have been a total of 49 data breaches in the past four years, far more than the four previously known to the public.
Among those already known was a leak in 2022 of a spreadsheet containing the details of almost 19,000 Afghans, described by the information watchdog as a “one-off occurrence.”
Following the breach, the MoD obtained a gagging order, which was only lifted last month.
The leaks concern applications for safe relocation under the Afghan Relocations and Assistance Policy (Arap), which was set up to help people who feared that their lives were at risk because they had worked with British troops.
Sean Humber, a lawyer at Leigh Day, which acts for Afghan citizens affected by previous breaches, said: “These data breaches betray a cavalier attitude to keeping such sensitive information safe as well as a complete disregard for the potentially life-and-death consequences of failing to do so.
“The Information Commissioner’s Office must now roll up its sleeves and carry out a thorough and immediate investigation of what appears to be systemic failures of data protection policies, procedures or practices by the Ministry of Defence.
“This dangerous shambles cannot be allowed to continue.
“All those affected must be notified of the breach of their personal data, including the personal data affected, without further delay and appropriate steps taken to ensure their safety.”
Adnan Malik, of Barings Law, also representing affected people, said: “This represents a deeply alarming data failure and the recent 49 Ministry of Defence breaches make clear that the Afghan case was not an isolated error but part of a wider and troubling pattern of negligence.”
An MoD spokesperson said: “We take data security extremely seriously and are committed to ensuring that any incidents are dealt with properly, and that we follow our legal duties.
“All incidents that meet the threshold under UK data protection laws are referred to the Information Commissioner’s Office and any lesser incidents are examined internally to ensure lessons are learned.”