Ministry of Defence staff were warned before the Afghan data leak not to share information containing hidden tabs, according to documents released by the UK's data regulator. Last month it emerged that the details of almost 19,000 people who had applied to move to the UK were leaked when an official emailed a spreadsheet that contained a hidden tab with the information. Documents released by the Information Commissioner's Office (ICO) also show that staff there raised concerns about why the body had not issued a fine to the MoD. The MoD said they had worked to improve data security, but an ICO spokesperson said the government had not yet done enough to learn the lessons. According to an ICO memo, guidance in place at the time of the leak showed that the MoD was aware of the risks of sharing data and explicitly referenced the need to remove hidden data from datasets. Hidden tabs are a common feature in spreadsheet software, making information invisible to the user but still accessible if the settings are changed. The government estimates that the leak, which led to an emergency resettlement scheme for people at risk of Taliban persecution, would eventually cost around £850 million. A super-injunction granted by the High Court in September 2023 prevented the incident from being reported for nearly two years, until the order was lifted last month. Shortly after the MoD became aware of the breach, they informed the ICO, which led to multiple closed-door meetings over the next two years. Government officials termed the leak the most expensive email ever sent, while the ICO was criticized for its decision not to investigate the MoD or impose a fine despite similar, smaller breaches in the past.