Three key questions after Afghan data breach sparked unprecedented secret evacuation

Frank Gardner
Security correspondent
[Image: A monument inscribed with the word Afghanistan outside the headquarters of the Ministry of Defence in London. Credit: EPA]

It has been more than three years since a British official inadvertently leaked a dataset containing the names and contact details of thousands of people who were attempting to flee possible Taliban revenge attacks.

In April 2024, the government began relocating some of them to the UK - but we are only learning this now because extraordinary lengths were gone to in order to prevent the breach and subsequent response coming to light.

As the full picture is finally disclosed to the public, these are the questions still facing Britain's security establishment.

What can be done about the danger of leaks?

It has happened before and it will doubtless happen again.

Think WikiLeaks, Snowden and all the countless cyber-hacks and ransomware attacks suffered by companies on an almost daily basis.

Data leaks are not new but sometimes – and it is quite possible that this is one of those times – they can be life-threatening.

The revelations that have come to light will have sent a chill down the spine of hundreds, possibly thousands, of Afghans who fear retribution by the Taliban.

For those already spirited out to Britain, it means they can probably never go back home as long as the Taliban are in power.

For the 600 former Afghan government soldiers and their estimated 1,800 dependants still in Afghanistan, the news will mean they are unlikely to breathe easily until the UK delivers on its promise to get them safely out.

It's important to bear in mind that all this was not the result of some deliberate, sophisticated cyber attack by a state-backed hacking group.

It evolved from an unintentional mistake made by just one individual working for the Ministry of Defence.

What does this say about Britain's moral responsibility?

UK forces were deployed to Afghanistan, alongside US and Nato allies, over a period of almost 20 years, from October 2001 to August 2021.

During this time they worked closely with their Afghan government allies, relying heavily on their local knowledge and expertise.

The most sensitive area was in Special Forces (SF), for whom the Taliban reserved a particular hatred.

When Kabul and the rest of Afghanistan fell to the Taliban in the summer of 2021, there was a realisation that those now-former Afghan SF soldiers and their families were a priority for relocation to safety.

But thousands more Afghans also risked their lives to work with the British over those two decades.

Many did it out of patriotism, believing they were working to secure a better Afghanistan.

Some did it for the money, some did it because they trusted Britain to safeguard their lives and their personal details.

A data breach like this now threatens to undermine any future promises by a British official who says: "Trust us, your data is safe with us."

Was there a cover-up?

When this "unauthorised data breach" was finally discovered, a full 18 months after it occurred, the UK government obtained what is known as a super-injunction, preventing its publication by the media.

A super-injunction is so draconian that it means you cannot even report the fact that you cannot report it.

That measure has only just been lifted now, following an independent review.

There is a logical case to be made that this measure was necessary to protect the lives of those affected by the data breach.

However, questions are now being raised about whether the injunction - applied for by the previous, Conservative government - might also have been for political purposes.

The High Court judge who lifted the super-injunction, Mr Justice Chamberlain, said that it had "had the effect of completely shutting down the ordinary mechanisms of accountability which operate in a democracy".