Afghanistan Response Route (ARR) was a secret UK government immigration scheme operated from 2023 to 2025 in response to a serious data breach by the Ministry of Defence (MoD). The breach exposed the identities of thousands of Afghans who had worked with British forces in the War in Afghanistan (2001–2021), putting them at risk of Taliban reprisals. The existence of the scheme—and the breach that triggered it—was concealed from the public under a superinjunction until July 2025, when it was revealed by court rulings and the press. [1] [2]
In early 2022, a British defence official accidentally circulated a spreadsheet that included the personal data of over 18,700 Afghans who had applied to the UK’s Afghan Relocations and Assistance Policy (ARAP) or ex gratia schemes. Although the official intended to send details of 150 people, the file contained over 33,000 entries, including contact information and details of links to UK personnel. [1] [2]
The breach went undetected until August 2023, when an excerpt from the spreadsheet appeared in a Facebook group. Then-Defence Secretary Ben Wallace applied for and was granted a superinjunction by the High Court. It was the first such injunction ever issued to the UK government and applied contra mundum—against the entire world—barring not only reporting on the leak but any mention of the injunction’s existence. [2]
In response to the breach, the Conservative government launched the Afghanistan Response Route, a classified immigration programme intended to relocate affected Afghans. Originally intended to resettle around 150 individuals and their families, the scheme eventually expanded to cover an estimated 6,900 people by mid-2025. [1]
Internal court documents later revealed that the MoD justified the scheme as a temporary protective measure while asserting that the Taliban did not yet possess the leaked data. Nonetheless, some Afghans reportedly received threats referencing personal details from their ARAP applications, and campaigners accused the government of underestimating the risks. [2]
The UK government went to exceptional lengths to suppress public knowledge of both the breach and the scheme. The superinjunction covered journalists, media outlets, the opposition, and even Parliamentary committees. Government officials delayed informing Labour’s front bench until after the July 2024 general election, despite prior civil service advice recommending disclosure. [2]
The ARR was also deliberately excluded from immigration statistics, Home Office updates, and MoD accounts. Statements made to Parliament omitted references to the breach and used vague language to obscure the rising number of Afghan arrivals. According to court evidence, this was done to avoid public scrutiny and to “maintain control of the narrative.” [1] [2]
In 2024, a classified review by former defence intelligence official Paul Rimmer concluded that the data leak was unlikely to significantly increase individual risk. He noted that the Taliban already had access to other intelligence and that being named in the leaked spreadsheet would not, by itself, justify targeting. [1] [2]
Mr Justice Jeremy Chamberlain, who had taken over the case, ruled in July 2025 that the continued secrecy was no longer proportionate or justified. He noted the scale of spending, the suppression of public accountability, and the misleading nature of official statements as reasons for ending the superinjunction. The ruling allowed full public reporting of the breach and the secret scheme. [2]
The projected cost of the ARR reached £850 million by 2025, and total spending could have exceeded £2 billion had the scheme continued. John Healey, who took office as Defence Secretary under the Labour government in 2024, announced in July 2025 that the scheme would be closed. According to the government, this move would prevent an additional £1.2 billion in spending. [1]
Overall, as of March 2025, approximately 36,000 Afghans had been resettled in the UK under three schemes, with total estimated costs ranging from £5.5 billion to £7 billion. Some of those relocated under the ARR were not publicly recorded at the time due to what officials called “containment reasons.” [2]
Following the disclosure, law firms began preparing legal claims on behalf of Afghans affected by the data breach. Around 1,000 individuals reportedly expressed interest in suing the MoD, and over 665 had formally launched proceedings by mid-2025. [1]
Media commentators and legal experts described the superinjunction as one of the most far-reaching in English law. Critics warned that it had enabled the government to avoid scrutiny on matters of national security, immigration policy, and public spending. [2]