Over recent years, the UK Ministry of Defence suffered two of the most damaging and expensive data leaks in its history - both caused by preventable human error in email. Here's how the UK government could have averted disaster, protected thousands of lives, and saved hundreds of millions of pounds.
Two costly data breaches, one common factor
The BCC error (September 2021)
In September 2021, an MoD official sent an email containing sensitive information about Afghan interpreters to more than 250 people, but instead of using BCC, all recipients were placed in the CC field. This meant everyone could see each other's contact details, putting lives at risk and breaching confidentiality at the highest level.
The result? Widespread public outcry and a £350,000 fine for the Ministry of Defence from the UK Information Commissioner.
Second: The hidden spreadsheet disaster (2022, revealed 2025)
Just months later, in a separate incident, a soldier emailed a spreadsheet meant to contain only 150 Afghan applicants’ details for verification. Unbeknownst to the sender, the file actually contained nearly 19,000 names, hidden in rows or tabs not immediately visible. Afghan contacts in the UK forwarded the spreadsheet, and it quickly spread to others in Afghanistan.
The fallout? Nearly 4,000 individuals had to be relocated at a cost already exceeding £400 million, all to protect those whose data had been exposed.
Human error is the #1 cause of data breaches—but it’s not about blame
Both incidents are now classic examples of how human error remains the main cause of data breaches. According to the ICO and other European privacy authorities, up to 80% of data leaks can be traced to ‘non-cyber incidents’, - unintentional mistakes by employees, often made under pressure, with high stakes, and using complex digital tools like email and spreadsheets.
Crucially, it’s not about blaming employees. Email is the most common communication tool for sharing sensitive information and thus also where most mistakes are made.
What are the most common causes of data loss?
Both incidents involved errors that are shockingly common:
- BCC/CC mistakes: Putting all recipients in CC or TO instead of BCC (5% of reported leaks).
- Hidden spreadsheet data: Sending attachments with sensitive info in hidden rows, columns, or tabs.
- Other common email mistakes:
- Autocomplete errors (wrong recipient)
- Typing mistakes in email addresses
- Sending the wrong attachment
- Not applying the right classification or protection
- Using insecure personal email
- Failing to use secure transfer tools
How to prevent data leaks
Modern DLP (Data Loss Prevention) tools can prevent these mistakes with out-of-the-box rules:
- BCC/CC protection: Warns users about emails that contain (too) many external recipients in TO/CC.
If a rule had prompted the sender in the 2021 incident (“Are you sure you want to CC over 10 external addresses?”), the breach would almost certainly have been avoided. - Hidden data detection: Scans attachments (like Excel files) for hidden rows, tabs, or metadata.
A rule can flag or block sending if an attachment contains hidden or potentially sensitive info—catching precisely the error that led to the MoD’s 2022/2025 disaster. - Attachment and recipient analysis: AI/ML-based solutions analyze both content and recipients for anomalies, giving employees real-time, in-context support while composing or before sending.
Whether it’s a simple rule for BCC/CC or a warning for hidden spreadsheet data, email DLP should not be optional; it’s essential.
Don’t wait for your organisation’s name to make the news. Intuitive, forward-thinking businesses are investing in decision support and intelligent prevention—before a “simple mistake” costs lives and millions. Learn how Zivver is supporting over 10,000 organizations today.
