THE Ministry of Defence (MoD) has been fined £350,000 for an “egregious” data breach that exposed the personal information of Afghan nationals seeking to flee to Britain after the Taliban takeover.

Details belonging to 265 people were mistakenly copied into emails sent by the government, meaning they could be seen by all recipients, the Information Commissioner’s Office (ICO) found.

This could have led to a “threat to life” if the data disclosed fell into the hands of the Taliban, the data watchdog said.

In response to one email, two people “replied all” with one providing their location to the entire distribution list, which was made up of Afghan citizens eligible for evacuation, according to the ICO.

Under data protection law, organisations should have measures in place to avoid disclosing personal information.

The original email was sent on September 20, 2021, to vulnerable people left behind after the British airlift from Kabul.

The MoD then launched an internal investigation that revealed two similar breaches on September 7 and September 13 that year, the ICO said.

An MoD spokesperson said the department takes data protection obligations “incredibly seriously” and has added measures to address the issue.