Afghans who risked their lives for British forces are now being arrested by the Taliban, simply for trying to check if their personal details were exposed in one of the worst data breaches in UK government history.
At least five individuals, including former members of Afghanistan’s elite Triples Special Forces unit, have been detained in recent days while attempting to access the Ministry of Defence’s (MoD) website from internet cafés in major cities across the country. The Taliban is reportedly monitoring such cafés closely, targeting anyone suspected of working with the West.
The arrests follow a catastrophic breach of the UK’s Afghan Relocation and Assistance Policy (ARAP) database, which exposed the names and details of nearly 24,000 applicants, many of whom had served alongside British troops during the war.
With home internet access rare in Afghanistan, many of those affected had no choice but to visit public internet cafés to check whether their data had been leaked. The MoD sent out emails to applicants containing a link to verify their status. A red message indicated their information had been compromised, while a green message meant it had not.
But campaigners say the Taliban has been using this very system to identify and detain those who worked with UK forces. British lawyers and human rights groups have now warned Afghan clients in hiding to avoid internet cafés altogether.
Former interpreter Wazir, 38, who spent five years on the frontlines with British troops, confirmed that his own data, and that of his family, was exposed in the leak. He was able to check from his home, but knows others who were arrested after visiting cafés.
“Many don’t have Wi-Fi and that makes them vulnerable,” he said. “We are terrified our data, entrusted to Britain, will be used to hunt us down. I’ve already moved my family’s hiding place and will do so again next week.”
He added that the Taliban, with Chinese surveillance technology, can now track mobile phones, making the danger even greater.
At least seven people, five men and two women, have reportedly been detained while accessing their email accounts. The exact locations of the arrests are known but are being withheld for security reasons.
The Taliban has not confirmed or denied whether it obtained the compromised data. In a statement, its foreign ministry claimed it already possessed biometric and personal data left behind during the chaotic British and US withdrawal from Kabul in August 2021.
Earlier this week, reports emerged that up to ten former members of Afghan forces had been executed by Taliban fighters near the Iranian and Pakistani borders, four of them allegedly killed in a single ambush. It is unclear whether their deaths are linked directly to the data breach.
Despite the growing fear, the Ministry of Defence maintains that being on the spreadsheet alone is unlikely to result in targeting. A government-commissioned review, the Rimmer Review, concluded that the Taliban already possessed a significant volume of identifying data.
In a statement, the MoD said:
“The independent Rimmer Review concluded that it is highly unlikely that merely being on the spreadsheet would be grounds for an individual to be targeted… We continue to urge the Taliban to honour their public amnesty towards members of the former government and special forces.”
The data breach, first revealed by the Daily Mail in August 2023, was initially subject to a rare super-injunction preventing public reporting. Behind the scenes, ministers launched one of the UK’s largest peacetime evacuations in history, secretly relocating thousands of Afghans to Britain at taxpayer expense.
To date, 18,500 Afghans whose information was leaked have already been flown to the UK or are en route. Another 5,400 are expected to follow. They are currently being housed in Ministry of Defence properties and hotels until long-term housing is arranged.
Yet more than 70,000 Afghans, many who served alongside British forces, remain stranded, facing a brutal regime that considers them traitors.
In a further twist, hundreds of those rescued are now preparing legal action against the British government for failing to protect their data, with early estimates suggesting potential compensation payouts could reach £1 billion.
