Security

UK Special Forces soldiers' personal data was floating around WhatsApp in a leaked Army spreadsheet

Bizarre promotion practice leads to near-inevitable breach


Exclusive An astonishing data security blunder saw the personal data of Special Forces soldiers circulating around WhatsApp in a leaked British Army spreadsheet.

The document, seen by The Register, contained details of all 1,182 British soldiers recently promoted from corporal to sergeant – including those in sensitive units such as the Special Air Service, Special Boat Service and the Special Reconnaissance Regiment.

Special Forces soldiers’ identities are supposed to be protected from public disclosure in case terrorists target them or their families. Yet yesterday an Excel file was freely being passed around on WhatsApp groups after being leaked from inside the Ministry of Defence.

The spreadsheet detailed personnel posted to 18 Signals Regiment, the SAS and SBS' communications experts, and their specialisms

The document, which appeared to have last been modified late yesterday morning by a corporal working as a clerk for one unit's Regimental Career Management Officer (RCMO), was available for download on WhatsApp with no password protection or government protective markings such as “confidential” or “secret”.

To help protect UK Special Forces soldiers’ identities, whenever they enter the public eye they are always referred to by the MoD as serving with their former unit. So a paratrooper from that regiment’s 2nd Battalion who joins the SAS and is later decorated at Buckingham Palace for secretly smiting the Queen’s enemies is always named publicly as “Trooper Bloggs, 2 PARA”.

Yet the spreadsheet busted this convention by linking soldiers’ former and current units together, under separate headings of “capbadge” and “unit.”

The leaked spreadsheet included details of non-special forces units as well

Worst of all, as well as naming newly promoted senior non-commissioned officers, the spreadsheet disclosed their unique service numbers. These can be cross-referenced against public records to enable service histories to be traced – potentially outing former SF personnel years after they retire.

The spreadsheet’s only nod to privacy was a one-line warning that said: “NOT TO BE DISCLOSED BEFORE 0900 HOURS UK LOCAL 03 JUN 21.” Ironically, it appeared to have originated from a secretive Royal Marines unit.

Royal Marines Poole is the base of the Special Boat Service

A former Army source told The Register the practice of sharing newly promoted people’s personal details in a spreadsheet accessible by the entire 80,000-strong British Army was routine, but said: “Normally this is passworded and kept on the intranet.”

Details of soldiers posted to non-sensitive units were also viewable in the spreadsheet, which covered the entire Army: all units from the Army Air Corps to the Royal Welsh Fusiliers.

An Army spokesperson told The Register: “We are aware that the Corporal to Sergeant Promotion Board results have been obtained by some media outlets. The results of this Board are not due for release internally in MOD until 3rd June.”

He added: “The leak of this information to media outlets is being investigated by the MoD and it would be inappropriate to comment further at this time.” ®

Send us news
76 Comments

Legacy tech shoots down Ministry of Defence's supply chain improvements

How to manage 740 million items of behalf of the Armed Forces?

UK will be HQ for high-flying next-gen fighter jet treaty with Italy, Japan

Global Combat Air Program aims to replace Eurofighter Typhoon and Mitsubishi F-2

UK MoD braves the weather to train maritime AI capabilities

We will scan them on the beaches

Britain's Ministry of Defence fined £350K over Afghan interpreter BCC email blunder

UK GDPR penalty slashed from £1M after department agrees to improve processes

UK procurement is too glacial to bring AI into defense, MPs told

Projects take so long that tech is out of date before it enters service, industry says

Grant Shapps named UK defense supremo in latest 'tech-savvy' Tory tale

He praised Apple for its 'open source' tech – now he'll oversee AI use to defend Britain from its foes

UK launches SKYNET – not a doomsday plot, just shopping for improved satellite comms

They really need to start branding these things better

Defense boffins take notes from sci-fi writers on the future of warfare

Neat! Everything's gonna be just like Call of Duty!

UK's Ministry of Defence awards Boxxe multimillion Microsoft license deal

Contract seeks 'support with the renewal and running of Microsoft Enterprise Agreement'

British Army Twitter and YouTube feeds hijacked by crypto-promos

If you can't defend against crypto bros…