UK Government Confirms Cyber-Attack on Foreign Office Systems Dating Back to October
Trade minister acknowledges breach of Foreign, Commonwealth and Development Office networks following reports of possible access to visa-related data
The United Kingdom government has confirmed that it suffered a cyber-attack on its Foreign, Commonwealth and Development Office (FCDO) in October, acknowledging that systems were breached and prompting an ongoing investigation into the incident.
The disclosure by Trade Minister Chris Bryant follows media reports suggesting that a hacking group with alleged links to China may have accessed sensitive government data held on FCDO servers.
Bryant told broadcasters that there “certainly has been a hack” and that officials have been aware of the compromise since October, when the breach was first detected.
He emphasised that it is not yet clear who was responsible and cautioned against speculation over the identity or affiliation of the perpetrators, saying that assessments of any external involvement — including whether actors connected to the Chinese state were behind the intrusion — remain inconclusive.
The minister added that the vulnerability was addressed promptly and that authorities are “fairly confident” there is a low risk of personal data being compromised as a result of the breach.
The initial reporting on the incident cited a hacking collective known as Storm 1849, described in some accounts as a China-linked cyber gang that has previously targeted political figures and critical organisations.
While these attributions have circulated in the media, the government has not officially confirmed the group’s involvement and characterised such claims as speculative.
The breach is understood to have involved systems operated on behalf of the Home Office by the FCDO, with some reports suggesting that visa-related information may have been among the data accessed, though officials maintain that risks to individuals are limited.
The episode adds to a series of significant cyber-security incidents affecting British public and private sector entities in 2025, including high-profile attacks on major corporations which have disrupted operations and highlighted the growing challenge of defending critical digital infrastructure.
In response, the Foreign Office has reiterated its commitment to robust investigation and said it takes the security of government data “extremely seriously,” working with national cyber-security agencies to examine the full scope of the incident.
Amid the ongoing inquiry, Prime Minister Keir Starmer has underscored the importance of balancing diplomatic engagement with vigilance against digital threats, particularly as the government seeks to navigate complex international relationships and enhance protections against hostile cyber activity.
The disclosure by Trade Minister Chris Bryant follows media reports suggesting that a hacking group with alleged links to China may have accessed sensitive government data held on FCDO servers.
Bryant told broadcasters that there “certainly has been a hack” and that officials have been aware of the compromise since October, when the breach was first detected.
He emphasised that it is not yet clear who was responsible and cautioned against speculation over the identity or affiliation of the perpetrators, saying that assessments of any external involvement — including whether actors connected to the Chinese state were behind the intrusion — remain inconclusive.
The minister added that the vulnerability was addressed promptly and that authorities are “fairly confident” there is a low risk of personal data being compromised as a result of the breach.
The initial reporting on the incident cited a hacking collective known as Storm 1849, described in some accounts as a China-linked cyber gang that has previously targeted political figures and critical organisations.
While these attributions have circulated in the media, the government has not officially confirmed the group’s involvement and characterised such claims as speculative.
The breach is understood to have involved systems operated on behalf of the Home Office by the FCDO, with some reports suggesting that visa-related information may have been among the data accessed, though officials maintain that risks to individuals are limited.
The episode adds to a series of significant cyber-security incidents affecting British public and private sector entities in 2025, including high-profile attacks on major corporations which have disrupted operations and highlighted the growing challenge of defending critical digital infrastructure.
In response, the Foreign Office has reiterated its commitment to robust investigation and said it takes the security of government data “extremely seriously,” working with national cyber-security agencies to examine the full scope of the incident.
Amid the ongoing inquiry, Prime Minister Keir Starmer has underscored the importance of balancing diplomatic engagement with vigilance against digital threats, particularly as the government seeks to navigate complex international relationships and enhance protections against hostile cyber activity.
