Former defence secretary Sir Ben Wallace has told MPs that the Afghan data breach exposed deeper structural problems in how sensitive information is handled during modern military operations.
Giving evidence to the Defence Committee, Wallace argued that the pace and nature of contemporary conflict makes perfect data security increasingly difficult, particularly when operations depend on live communications beyond secure government systems. He described the evacuation of Afghanistan as an unprecedented information challenge, saying sensitive personal data was being gathered and exchanged in real time from multiple uncontrolled sources.
“Eventually somebody was going to have to reach out into a Taliban-controlled Afghanistan,” Wallace said, warning that every step beyond protected systems introduced risk. The former defence secretary likened Operation Pitting to “Dunkirk by WhatsApp”, describing a situation in which commanders were overwhelmed by messages from serving and former personnel attempting to help Afghan contacts escape.
He said names and personal details were often transmitted informally under intense pressure, reflecting the reality of crisis operations rather than normal peacetime processes. Wallace acknowledged that the Ministry of Defence had already suffered earlier data breaches in 2021, prompting stricter controls and improvements to the Afghan Relocations and Assistance Policy database. However, he suggested that even improved systems struggle when sensitive intelligence must be blended with open-source and commercially available data.
“Nowadays, you often have to blend very sensitive data with open data,” he told MPs, adding that this creates unavoidable vulnerabilities. Beyond Afghanistan, Wallace raised concerns about information security culture across government, saying training had become too fragmented and insufficiently rigorous.
He contrasted modern online self-learning modules with earlier mandatory in-person courses, arguing that the current approach fails to embed discipline around classified material. “It does not necessarily give people a priority in terms of what is really important,” he said.
Wallace also warned that ministers themselves often receive little structured guidance on handling classified information despite operating at the centre of highly complex systems. While accepting that mistakes were made, he defended the intent behind the evacuation effort and said the extraordinary circumstances must be understood in context.
“It was a very chaotic time,” he said, pointing to the speed of the Taliban advance and the scale of the humanitarian emergency.
The former defence secretary told the committee that future operations would need to confront the same tension between operational urgency and data protection, particularly as conflict becomes faster, more networked and increasingly dependent on digital communication. The Defence Committee inquiry continues to examine how the Afghan data breach occurred and what reforms may be required to prevent similar failures during future crises.
No ever disciplined over it, state normal. Like most things lack of leadership and lack of addressing the problem its ok we all loved the up £1 billion this mess may cost. Every one kept thier job carry on and just do not bring it up i guess is the Army way now as it was a soldier who released the data.
I sort of liked Ben Wallace. He did some interesting things, and I wonder whether we’ll see his report on submarines vs frigates come to light.
I liked him, until I recall what he cut, how he obstructed an ex RM who wanted to save Dogs in Afghanistan, some of which were ex MWD, and how all so conveniently he made sure that the NCF was built either close to or in his constituency, much like Brown and the Carriers.
I don’t believe in coincidences, self interest always seems to get in the way of the national interest with politicians.
On the plus side, apparently he got money from HMT. Where did it vanish to?
In all fainress to BW he was in post just when all of the lack of investment in anything was starting to crystallise to a disaster and no amount of creative accountancy and moving money around could fix the massive structural problems of that.
So BW was handed the mess and did the only thing that he could which was cut things to invest in sorting out the long term issues.
Some of the investment is now starting to come good.
One the article itself it is a delusional series of statements that seriously undermines what I though of BW. The one clear take away from that is that he doesn’t understand data management. IRL you could construct a portal in a secure database program such as FileMaker that uses Encryption At Rest and give individuals various permissions in a long day if you knew what you were doing. What you do not *ever* do is to start using Excel as what happened there is more or less inevitable……you just do not do that…..no excuses…..
Many standard database programs can be used to generate individual emails to groups of people – that is done plugin functionality. Requires no development time just setting up the plugins to talk to the email server.
Unfortunately, IT is *captured* by the big consultancies and it pumps out the idea of it being ‘hard’ to do these things – it really isn’t there are so many COTS solutions.
Except BW was the guy who approved the Ajax programme continuing based on giving the guys ear defenders and new chairs.
Seriously if you had a defence contract with a fixed price £6 billion contract and a known vibration issue in the vehicle would you let them off with giving soldiers better ear plus as the solution?
It’s like complaining to a roofer about the shitty job they did and being given a bucket as the solution.
He cost us 5 years on this program and likely billions of pounds.
He was DefSec during a crisis in Ukraine and while we had troops in Afghanistan, not MinDP. It wasn’t his job to keep an eye on Ajax. The not so mighty Quin did the job for well over two years, followed by Shelbrooke and Chalk. Heappey wasn’t in the post long enough to sneeze in early 2020, and that was while the job was still Under Secretary (or bag carrier), before it was lifted to Minister of State for Quin.
I think it’s reasonable for DefSec to have delegated this down to the procurement minister; actually I think it’s unreasonable for him not to.
Hi Daniele, on your point about the evacuation from Kabul, it was a lot more complex than simply blocking a flight for animals. We simply were not prepared for the speed at which the country fell. I was not there, but it was chaos.
A lot of the issues came from the number of NGOs in and around Kabul who were clearly on the list to evacuate, but most of their staff were not, as they were Afghan locals. So when the city fell, many people quite rightly did not want to leave their staff behind, let alone animals.
I remember speaking to a good mate the day Kabul was surrounded by the Taliban, telling him he needed to seriously think about getting to KIA because he could be made an example of. He stayed behind, was captured and suffered for weeks, while his team made it to Pakistan in the end and he was later released. I also remember not going to work that day, as we had a UK national leave Pul-e-Charkhi prison after it was attacked and government forces collapsed, so we were trying to get him support to reach KIA via a WhatsApp group.
Sorry, I have waffled on, the point I’m trying to make is that the evacuation was chaos. Everyone will remember the scenes of Afghans clinging to C-17s, but there was so much going on that wasn’t really reported on.
I never met Pen Farthing (the RM, as there is no such thing as ‘ex RM’ 😉), but years before the evacuation I was based out of the BEK and we had three dogs handed to us as part of the handover takeover. We had a team house with a garden for them and they were great, but too many diplomats complained about the barking, so we took them to Nowzad. They were great and didn’t ask for too much money, but we paid to cover the full costs for them, and after a few months, someone in Canada thankfully rehomed them all.