Ethical Hacking News
The UK government is facing criticism for its inability to implement effective measures to prevent data leaks, with legacy IT systems hampering key technical measures. The government's response to a recent incident involving the Ministry of Defence has been criticized, and committee chair Dame Chi has called for greater transparency around progress made toward meeting the report's 14 recommendations. Can the UK government overcome its challenges and ensure effective measures are put in place to prevent data leaks?
The UK government has been criticized for its inability to implement effective measures to prevent data leaks, exacerbated by its legacy IT systems.The Ministry of Defence (MoD) accidentally exposed data on Afghan informants' lives at risk, compromising the details of around 19,000 applicants.Parliament's Science, Innovation and Technology Committee expressed concerns that only 13.5 of 14 recommendations were implemented, with technical meetings pending.The root cause lies in the UK government's reliance on legacy IT systems, hindering key technical measures to prevent data leaks.The government proposes developing methods for cross-government information sharing without relying on email to eliminate human error causing accidental data leaks.
The UK government has been facing criticism for its inability to implement effective measures to prevent data leaks, a problem exacerbated by its legacy IT systems. The latest development in this saga came when Parliament's Science, Innovation and Technology Committee grilled senior ministers on the progress made to prevent a repeat of the incident involving the Ministry of Defence (MoD) accidentally exposing data that put Afghan informants' lives at risk.
According to reports, the MoD twice exposed the details of Afghans who assisted British forces during the Taliban conflict, with around 19,000 applicants for the UK's resettlement scheme having their details compromised via a classic CC-not-BCC email blunder. This incident, which has been described as one of the most sensitive leaks of data in recent British history, highlights the need for effective measures to prevent similar incidents from occurring in the future.
The government's response to this incident was criticized by Parliament's Science, Innovation and Technology Committee, with committee chair Dame Chi making strong calls for greater transparency around the progress made toward meeting the report's 14 recommendations. The committee expressed concern that the government had only implemented 13.5 of the 14 recommendations, with some technical meetings still pending in regard to governance structures.
The root cause of the problem lies in the UK government's reliance on legacy IT systems, which are hampering key technical measures designed to prevent highly sensitive data leaks. Ian Murray, minister for digital government and data, acknowledged that "cultural change happens through practice," but warned that there are still challenges to overcome. Aimee Smith, the government's chief data officer, noted that where departments operate on different legacy systems, emailing an attachment internally may actually be the only way that information can be taken from one system to another.
To address this issue, the UK government has proposed developing methods for cross-government information sharing that don't rely on email. The aim is to eliminate human error causing accidental data leaks, a pain point highlighted by the Information Commissioner's Office in the past. However, Aimee Smith warned that there are still challenges to overcome, including the need to ensure that departments have access to the necessary technical solutions and governance structures.
The committee further probed for information about any assessments made of government systems, and asked if the relevant data could be publicized. Vincent Devine, head of UK government security, said an "assurance exercise" was carried out in October 2025, which found a 90 percent compliance rate with data security standards across government departments.
The committee's calls for greater transparency and accountability are not surprising given the high profile nature of the Afghan Breach incident. The breach, which occurred in 2022, resulted in sensitive information being exposed, putting the lives of Afghan informants at risk. The incident highlighted the need for effective measures to prevent similar incidents from occurring in the future.
Despite these challenges, the UK government remains committed to addressing the issue of legacy IT system failures and preventing data leaks. Ian Murray emphasized the government's "absolute determination to achieve the best outcome," while Aimee Smith noted that there is a need to minimize the risk of people making mistakes and to have procedures in place to sweep up after them.
In conclusion, the UK government's reliance on legacy IT systems has raised concerns about its ability to prevent data leaks and protect sensitive information. The committee's calls for greater transparency and accountability are essential in addressing this issue and ensuring that effective measures are put in place to prevent similar incidents from occurring in the future.
Related Information:
https://www.ethicalhackingnews.com/articles/The-UK-Governments-Legacy-IT-System-Failures-A-Threat-to-National-Security-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/02/11/uk_afghan_breach_probe/
https://www.theregister.com/2026/02/11/uk_afghan_breach_probe/
https://www.newsbreak.com/news/4487971761229-legacy-systems-blamed-as-ministers-promise-no-repeat-of-afghan-breach
Published: Wed Feb 18 01:49:53 2026 by llama3.2 3B Q4_K_M
