Hackers obtain sensitive data on UK aid projects overseas
Foreign Office tells those involved in pitching tenders their personal data has been compromised
Hackers have obtained sensitive documents relating to British aid projects, including details related to projects funded by a secretive national security fund.
The Foreign, Commonwealth and Development Office (FCDO) and experts from the National Cyber Security Centre (NCSC), an arm of GCHQ, are investigating how a “third party” came to obtain the data, the Guardian has learned.
The FCDO has also told companies and individuals involved in pitching tenders for UK government projects that their personal data has been compromised.
An email from the FCDO said: “Some of these documents included your personal details, compromising some, or all, of the following categories: your name, work and contact details, location and nationality.”
It is not publicly known if the breach was the work of an individual or a group, or whether it was linked to a state hostile to the UK.
Individuals affected by the breach include those working on UK aid projects financed by the Conflict, Security and Stabilisation Fund (CSSF).
The CSSF is a £1bn pot of money overseen by the National Security Council, which finances projects intended to resolve conflicts and build stability overseas. These include countering terrorism and radicalisation in regions such as south Asia and parts of Africa.
Its most recent annual report said the fund supported programmes ranging from peacekeeping in Sudan, where the UK deployed 300 personnel, to projects designed to counter terrorism and violent extremism in locations such as Iraq and Pakistan.
MPs and others have in the past expressed significant concern about the lack of transparency, accountability and leadership of the CSSF.
An FCDO spokesperson said: “We take data security very seriously and we are thoroughly investigating this incident.”
The information commissioner’s office has been informed of the breach and is being updated on the government’s response.
Individuals have been advised to take steps to protect themselves online as an immediate precaution by watching out for suspicious emails, calls or text messages. They have also been told to get in touch with a dedicated phone line if they have any concerns.