Revealed: 24,000 Afghans Offered Asylum in UK After Data Breach

Britain has secretly offered asylum to nearly 24,000 Afghan soldiers and their families caught up in the most serious data breach in history, it can be revealed.

The leak led the Government to earmark £7 billion to relocate Afghan refugees to the UK over five years, piling pressure on the Chancellor’s already stretched budget.

Despite the huge cost to the taxpayer, the breach was kept secret from the public for 683 days by two successive governments after the first use of a super-injunction by ministers.

In that time, thousands of Afghans have been flown into Britain and housed in hotels and other accommodation across the country.

Some of those offered asylum previously had their applications rejected, including for violent or sexual assaults, with officials forced into a reversal.

The use of a super-injunction, the longest ever deployed and the first such measure issued “contra mundum” – against the world – led to what one judge described as a “scrutiny vacuum”.

Such was the level of secrecy that Sir Keir Starmer was not told about the leak until after he entered office.

The Government argued that the extraordinary secrecy was necessary to keep the database from falling into the hands of the Taliban, who swept back to power in Kabul in August 2021.

However, a senior Taliban official told The Telegraph on Tuesday night that they had obtained the “kill list” shortly after the original leak, and had since been hunting down those named, potentially rendering the secrecy battle pointless.

Speaking for the first time about the incident, Ben Wallace, the defence secretary who first applied for the injunction just days before he stepped down from the role, insisted it was not a “cover-up”.

Writing for The Telegraph, Mr Wallace said: “I make no apology for applying to the court for an injunction at the time. It was not, as some are childishly trying to claim, a cover-up.

“I took the view that if this leak was reported at the time, the existence of the list would put in peril those we needed to help out.

“Some may disagree but imagine if the Taliban had been alerted to the existence of this list; I would dread to think what would have happened.”

However, also writing for The Telegraph, Johnny Mercer, the former veterans’ minister, said that the incident was a “farcical process” and “the most hapless display of ineptitude” that he saw in his time in government.

Speaking to MPs after the injunction was lifted, John Healey, the Defence Secretary, offered a “sincere apology” for the incident, which was echoed by the shadow defence secretary.

Mr Healey also said that he had felt “deeply concerned about the lack of transparency” around the data breach.

He told the Commons: “No government wishes to withhold information from the British public, from parliamentarians or the press in this manner.”

The leak occurred in February 2022, when a Royal Marine sent an email to a group of Afghans and accidentally included a spreadsheet containing information and the identities of 25,000 Afghans who were applying for asylum – soldiers who had worked with the British Army and their family members.

The “bone-chilling” data breach was later described as a “kill list” for the Taliban.

It came to light a year later when an anonymous Facebook user posted extracts of the data. The posts were deleted within three days after officials from the Ministry of Defence (MoD) contacted Meta, Facebook’s owner, but the Government decided it had no choice but to offer asylum to the Afghans affected because they were at risk of reprisals from the Taliban.

What followed was the biggest ever covert evacuation operation in peacetime, codenamed Operation Rubific.

The number of people expected to be brought to the UK as a result of the breach was initially stated in court documents to be nearly 43,000 people.

However, officials confirmed on Tuesday that 6,900 Afghans would be brought to Britain as a direct result of the breach, under a scheme set up specifically to deal with the fallout.

According to the MoD, of these, 4,500 are already in the country or are in transit, and 2,400 more are yet to travel.

Officials said a further 17,000 Afghans deemed eligible to come to Britain under a separate relocation scheme were also found to have been affected by the breach. Of these, 14,000 are already in the country or are in transit and 3,000 more are yet to travel.

The Government fought a two-year legal battle to keep the leak a secret, including securing the super-injunction, which meant journalists from The Telegraph and other media organisations faced jail if they reported on the data breach or mentioned the existence of the legal battle.

The super-injunction was lifted at midday on Tuesday by the High Court. However, at the 11th hour, a new interim injunction was issued, which blocked the publication of sensitive information about exactly what was in the database.

It is the most serious data breach in British history, dwarfing previous episodes such as the 2013 Snowden leaks detailing GCHQ’s secret surveillance methods used against millions of internet users.

The database also included the details of British government officials, The Telegraph understands.

Both the Speakers of the House of Commons and the House of Lords were informed of the leak in September 2023 “so that they could make informed decisions as to how matters should be handled in Parliament”.

MPs have been unable to ask questions about the leak because of the super-injunction. A deliberate choice was also made not to tell the intelligence and security committee, the parliamentary body that is routinely given access to highly classified material to scrutinise decisions.

In one document seen by the court during the proceedings, Mr Healey said that “political and reputational considerations” had been key factors informing the Government’s response.

Mr Justice Chamberlain, the judge who discharged the super-injunction on Tuesday, said that the measure was objectionable in principle, given that billions of pounds of public money and the lives and safety of thousands of human beings were at stake. He also noted that while the super-injunction was likely protecting some involved, it may have been endangering others.

After Britain joined the US-led coalition that invaded Afghanistan in 2001, it trained, equipped and funded military units formed of Afghan volunteers.

The two UK-trained and funded Afghan units – ATF444 and CF333 – that worked alongside the SAS and Special Boat Service in secret operations were nicknamed the Triples.

Former members of the Triples are among those likely to have been identified in the leaked database.

Those affected are now mostly believed to be safe, according to internal MoD assessments.

However, there have been several reports of Taliban hitmen murdering Afghans they view as Western collaborators, along with their families. These include former members of the Triples.

One murdered Triple member, Riaz Ahmedzai, was gunned down in Jalalabad in April 2023, although it is not known whether his name was in the leaked spreadsheet.

The huge cost of the resettlement of Afghan refugees is an additional headache for the Chancellor.

It can now be revealed it was secretly factored into the Government’s budget, partly accounting for the £22 billion fiscal black hole the Chancellor announced on coming into office.

In October last year, Ms Reeves signed off a secret plan, which had begun under the Conservatives following the leak, to spend up to £7 billion over five years on resettling Afghans.

In January 2025, Mr Healey commissioned Paul Rimmer, a former deputy chief of defence intelligence, to review the situation in Afghanistan.

He concluded that the threat level had diminished, leading to the closure of the resettlement schemes. That decision is expected to save around £1.2 billion from the expected cost.

The final amount – now believed to be between £5.5 billion and £6 billion – has come from the Treasury reserve.

However, the cost could grow in the coming years, depending on how long families stay in hotels and how large the families are.

The total includes the direct cost of the leak, which to date is understood to be £400 million. In total, £850 million has been set aside to complete the resettlement scheme set up specifically for those affected by the data breach.

However, it is not believed that this includes any potential compensation costs.

Earlier this month, following a separate data breach connected to Afghans applying for asylum, the MoD agreed to pay £1.6 million to the 265 people affected. The Government was also issued with a £350,000 fine.

Barings, a law firm, has about 1,000 Afghan ex-soldiers signed up to a mass data breach claim against the MoD in relation to the new leak. That number is likely to increase. Lawyers believe each individual could receive up to £50,000 or more in compensation.

The Government is also grappling with a voter backlash over the cost of housing asylum seekers, which has risen to £4 million a day.

It emerged in May that the estimated cost of hotels and other accommodation for asylum seekers had risen from £4.5 billion between 2019 and 2029 to £15.3 billion. It is not known whether any of the rise in cost can be partly explained by the data breach.

Labour insiders believe the asylum bill is fuelling support for Reform UK. Sir Keir has pledged to end the use of hotels to house asylum seekers by 2029.