A Soldier Pressed Send. The Government Spent Two Years Making Sure Nobody Found Out.

The welfare algorithm operates in secrecy. But even the Department for Work and Pensions has not attempted what the Ministry of Defence did next: obtain a court order suppressing not just information about a catastrophic failure, but the existence of the court order itself.

In February 2022, a Ministry of Defence official prepared an email containing details of around 150 Afghan nationals who had applied for relocation to the United Kingdom under the Afghan Relocations and Assistance Policy. These were interpreters, intelligence sources, local contractors, special forces auxiliaries: people who had risked their lives and their families' lives to assist British operations during twenty years of war in Afghanistan. The Taliban had seized Kabul six months earlier. Every name on the list was a potential death sentence.

The official intended to send details of 150 people. The file contained a hidden tab. Inside that tab were the records of over 18,700 Afghan nationals and their relatives: roughly 33,000 entries in total. Names. Contact details. Family information. Links to UK personnel. The entire database of people who had applied for British protection because working with British forces had made them targets.

The official pressed send.

Stop here and consider the operational absurdity. The most sensitive personal data the British state held on its Afghan allies — people whose exposure to the Taliban carried a risk of murder, torture, and reprisal against extended families, worse than GCHQ's Wikipedia site Edward Snowden scraped with HTTrack — was stored in an Excel spreadsheet on a SharePoint site. Not in an encrypted casework system. Not in a classified database with access controls. In a spreadsheet, with a hidden tab any competent user could find in seconds, sitting on a collaboration platform designed for sharing. The Public Accounts Committee would later describe the MoD's use of spreadsheets to manage this data as "inappropriate." This is the kind of understatement that makes parliamentary language a barrier to public understanding. It was insane.

And this was not an isolated failure of data handling. In the same period, two separate group emails from the ARAP unit exposed the email addresses and, in one case, the locations of hundreds of Afghan nationals by failing to use blind carbon copy. The MoD has acknowledged 49 separate data breaches at the unit handling Afghan relocation applications.

Forty-nine.

The spreadsheet was not a freak accident in an otherwise competent operation. It was the largest detonation in a field of unexploded ordnance.

The Spreadsheet Turns Up On Facebook

The breach went undetected for eighteen months. The MoD did not discover it through its own systems, its own audits, or its own data protection processes. It discovered it in August 2023, when an excerpt from the spreadsheet surfaced in a Facebook group.

A national newspaper obtained the story and contacted the MoD for comment. The Ministry's immediate response was not disclosure. Not notification of those affected. Not a public explanation. It was suppression.

On 1 September 2023, the High Court granted the Ministry of Defence a super-injunction. A super-injunction does not merely prohibit reporting of the information in question. It prohibits reporting the existence of the injunction itself. This one was issued contra mundum, or "against the entire world."

It was, by all accounts, the first super-injunction ever granted to the UK government.

For nearly two years, journalists who knew about the breach could not report it. They could not report they were forbidden from reporting it. Parliamentarians were excluded. The National Audit Office was told a "secret matter" existed relating to a data breach. It was not told the operational consequences, the number of people affected, or the likely cost. One NAO audit director was told by the MoD not to pass the information to anyone else within the spending watchdog. The body whose entire constitutional purpose is scrutinising public money was forbidden from knowing what public money was being spent on.

The Information Commissioner's Office (the regulator specifically responsible for data protection) was informed a serious breach had occurred but was told "sensitivity" prevented any further information being shared. Three weeks later, an ICO official attended a meeting where he was served with the super-injunction and given what the ICO later described as "an overview." The rationale for the injunction was not shared. On 5 December 2023, the Deputy Commissioner for Regulatory Supervision decided the ICO was "not in a position to independently investigate the incident." The Commissioner was briefed "at a high level" and did not demur.

This is worth pausing on.

The super-injunction explicitly stated it did not prevent the ICO from taking "any steps in private" it considered appropriate. The security classification of the information created, in the ICO's own words, "additional handling difficulties" — not impossibility. The data protection regulator chose not to investigate the largest data breach in the Ministry of Defence's history because it was told the matter was sensitive. It was sensitive. That was the entire point. A regulator whose purpose is to hold powerful institutions to account on data protection declined to do so because the powerful institution told it the situation was too sensitive for scrutiny.

This is the pattern readers of this series will recognise. The CQC lost 500 reports inside its own IT system and could not tell you whether your hospital was safe. The DWP went to court to keep its own profiling model's error data secret. The Treasury wrote to 17 regulators telling them to stand down. And the ICO — the body charged with ensuring personal data is protected — received evidence of a catastrophic breach affecting nearly 19,000 people whose lives were at risk, and decided it was not in a position to investigate. The watchdogs did not merely fail. When confronted with the thing they existed to catch, they stood aside.

27,000 New Migrants In Hotels

The government launched Operation Rubific: a secret evacuation programme to relocate those named in the spreadsheet who were deemed at highest risk. The Afghanistan Response Route was established in April 2024 as a classified immigration programme for those ineligible for existing resettlement schemes but endangered by the leak. It was originally intended to cover around 150 individuals and their families. By mid-2025, the estimated eligible population had expanded to 7,355 people. The MoD now estimates up to 27,278 people affected by the breach could ultimately be resettled in the United Kingdom.

The programme was excluded from immigration statistics. It was excluded from Home Office updates and MoD accounts. Statements to Parliament omitted references to the breach and used what the court would later describe as "vague language" to obscure the rising number of Afghan arrivals.

The costs are staggering and, characteristically, unverifiable.

The MoD estimates the Afghanistan Response Route alone will cost around £850 million. The NAO has said it lacks confidence in this figure because the MoD did not separately identify ARR costs in its accounting system, instead bundling them with total Afghan resettlement spending. The MoD's explanation for combining the figures was compliance with the terms of the super-injunction. Total spending on all Afghan resettlement schemes since 2021 is forecast to exceed £2 billion by 2029. In October 2024, ministers signed off on a broader resettlement framework with estimated total costs ranging between £5.5 billion and £7 billion. The PAC described the cost estimates as insufficiently evidenced.

Nobody, not the NAO, not Parliament, not the public, can tell you with confidence what this breach has cost, because the instruments of financial scrutiny were deliberately excluded from knowing it existed.

And the human cost. In October 2025, academic research conducted by the University of York, Lancaster University, and the charity Refugee Legal Support surveyed 350 Afghans affected by the leak. Of the 231 who had been formally notified by the MoD, 49 reported a family member or colleague had been killed as a direct result of the breach. Two hundred reported experiencing personal risks or threats to their families, ranging from house raids to extreme violence. Nearly 100 reported direct threats to their own lives. A former member of the Afghan special forces described his father being beaten until his toenails were torn out. His family remains under constant threat.

The MoD's response to this research was to cite a classified review by former defence intelligence official Paul Rimmer, which concluded it was "highly unlikely" merely being named on the spreadsheet would be grounds for targeting. Forty-nine families disagree.

And because the programme operated in secrecy, because normal parliamentary scrutiny, media scrutiny, and public scrutiny were all legally suppressed, the vetting and safeguarding processes applied to those entering the country under the emergency scheme could not be examined until after the injunction was lifted. When it was, the political fallout was immediate.

The Home Office was unable to produce consolidated data on criminal offences committed by those resettled under Afghan schemes, because it lacked the joined-up data systems to do so. Local councils could flag individuals as serious "cases of interest" (violence, weapons, terrorism, sexual offences) but the Home Office had no central overview. The public was told nothing for two years, then told everything at once, and the result was a firestorm in which legitimate questions about oversight were tangled with partisan recrimination and contested statistics. The secrecy did not protect anyone. It deferred the crisis and magnified the explosion.

Cover-Up: The First British Instinct

The thirty-year rule (now the twenty-year rule) has for decades ensured public records are sealed long enough for most participants and victims to die before the truth emerges. Colonial records under Operation Legacy were removed or destroyed before independence in former British territories. The Bloody Sunday inquiry took twelve years. The infected blood inquiry took six. The Hillsborough families fought for over two decades against a police force and a government determined to suppress the truth. In each case, the state's first instinct was not accountability but containment. Not disclosure but management. Not correction but delay.

The Afghan super-injunction fits this tradition with alarming precision, but it represents something new as well. Previous secrecy efforts required political will and institutional complicity. The super-injunction formalised concealment as a judicial instrument. The government did not merely refuse to comment, or classify documents, or invoke ministerial discretion. It went to court and obtained a legal prohibition — enforceable by contempt of court and imprisonment — against anyone, anywhere, reporting what had happened or even acknowledging a prohibition existed. It was secrecy with teeth, and it operated for nearly 600 days.

Mr Justice Chamberlain, who eventually lifted the order in July 2025, noted the scale of spending, the suppression of public accountability, and the misleading nature of official statements as grounds for ending it. The super-injunction had not protected national security in any meaningful ongoing sense. It had protected institutional reputation. It had shielded ministers from scrutiny on a programme whose costs were spiralling, whose scope was expanding, and whose consequences — including the deaths of people the programme was meant to save — were being documented in academic research nobody was permitted to cite.

The self-correcting society cannot correct what it will not allow itself to see. Every mechanism described in this series, i.e. the abolished auditors, the overwhelmed regulators, the gamed waiting lists, the silenced watchdogs, removes a feedback loop. The super-injunction removes the most fundamental feedback loop of all: the right of the public to know what is being done in its name with its money and with consequences for its safety.

Secrecy, Lying, And Judicial Games

This series has documented oversight systems breaking down. Regulators failing. Auditors absent. Statistics manipulated. But the Afghan breach represents a different category of failure. Here, the oversight systems did not break down. They were switched off by executive action and judicial order. The NAO was told to stop asking. The ICO chose not to investigate. Parliament was excluded. The press was gagged. Everything the self-correcting society depends upon — scrutiny, transparency, accountability, the right to know — was suspended by the same state that caused the disaster in the first place.

And when the injunction was finally lifted, what emerged was not just a data breach. It was a secret immigration programme costing billions, with vetting processes nobody could examine, consequences nobody could measure, and a cost nobody could verify. The MoD was managing Afghan resettlement data in spreadsheets. It is managing the consequences of that failure with the same institutional reflexes: suppress the information, limit the scrutiny, control what the public is permitted to know, and hope the problem remains contained.

The PAC's chair described it as a "farrago of errors and missteps." He added:

I take no pleasure in stating now that we lack confidence in the MoD's current ability to prevent such an incident happening again.

The MoD's response was to note it is "making improvements." It is introducing a dedicated casework system. It has closed the Afghanistan Response Route to new applicants. It has expressed regret.

Forty-nine families are burying people the British state promised to protect. The government's first response was not to tell them. It was to obtain a court order making it illegal for anyone else to tell them either.

Tomorrow: £900 million to a company most Britons have never heard of. The state cannot build its own systems, so it bought them. Then it discovered it could not audit, replace, or understand what it had purchased.

What was satisfactory here?

• Reality: 18,700 Afghan allies were exposed to Taliban reprisal by a data breach the MoD stored in a spreadsheet. At least 49 people are reported killed.
• Administrative intervention: A super-injunction suppressed the breach, the response, and the existence of the injunction for nearly two years. The data regulator declined to investigate.
• Reported statistic: The government disclosed nothing — until a court ordered it to.