Government data breach exposes Afghans to more danger | CBC News

One email seen by CBC News listed 200 names. Not only did names and emails appear but also, in some cases, faces could be seen.

The risks of such a release are serious. It would only be necessary for the Taliban to see a single copy of the email to obtain all 200 names.

IRCC has been writing to the people in question to apologize.

In one such email, sent Friday, IRCC director of client experience says Anne Turmel says the person’s information was leaked on Oct. 18 when a unit within the department “sent four emails to multiple clients simultaneously regarding the Afghanistan situation.”

The email addresses of the Afghans went into the “to” field instead of the “BCC” field, Turmel wrote, and “consequently personal email addresses were shared with the recipients.”

“Please note, that by the same means, we inadvertently sent you information on October 18, 2021 pertaining to other individuals.”

Despite assurances by the Taliban that there would be no reprisals or revenge, rights groups have documented an effort to track down and kill some of their former enemies.

UN human rights commissioner Michelle Bachelet last month recounted “credible allegations of reprisal killings” of former security personnel and arbitrary detentions of former officials. 

“In some cases, the officials were released, and in others, they were found dead,” Bachelet told the UN Human Rights Council.

Fear for sister

CBC News spoke with one Afghan-Canadian man whose sister’s name was leaked in one of the emails. Her face can also be seen by passing a cursor over her email address. She is currently in hiding in Afghanistan with young children. Her husband, an army officer, was executed by the Taliban earlier this year. She herself worked for Afghanistan’s civilian government.

CBC News is protecting the family’s identity for reasons of security.

“There were not that many people associated with the government or with foreigners,” the man said. “Anyone who gets the email would have both names, and in many cases faces. Even an ordinary, regular person can just put the picture in Google Search and find the person through social media.”

And the Taliban have much more than that, he said. “They have sophisticated technology, and they have the support of Pakistan.”

Pakistan’s ISI intelligence service is widely believed to work closely with the Taliban, despite official Pakistani denials.

“Of course I am worried most for my sister,” he said, “but not only her. Some of these people may not even be aware of this, and I’m concerned for them too, just as a human being.”

U.K. apologized for similar breach

Britain’s Conservative government was already forced to apologize for a very similar data breach in September that revealed 250 names. 

Defence Secretary Ben Wallace told the House of Commons he was “angered” by the leak and ordered an official inquiry by the country’s information commissioner. One civil servant was suspended.

WATCH | Wallace ‘angered’ by similar data breach:

U.K. defence secretary ‘angered’ by ‘significant’ Afghan data breach

U.K. Defence Secretary Ben Wallace apologizes to the House of Commons on Sept. 21 following a “significant” data breach relating to interpreters in Afghanistan hoping to come to the U.K. 1:39

“We are now working with [those Afghans] to provide security advice,” he told the House. “It is an unacceptable level of service.”

CBC News has confirmed the four emails sent in error went to different groups of addressees, amounting to several hundred people in total.

IRCC has not apologized publicly, but did in the email to those directly affected.

“I have taken this incident very seriously and am reviewing our current processes to prevent this situation from happening again,” wrote Turmel.

“I offer you our sincere apology for our mistake and our assurance that we will do everything possible to ensure that it is not repeated.”

She also asked all recipients to delete the emails.