The UK's Foreign, Commonwealth and Development Office (FCDO) suffered a significant cybersecurity breach, a government minister has confirmed. Trade Minister Sir Chris Bryant revealed the hack was first discovered in October 2025, but insisted the government is now "on top of it."
What We Know About the Foreign Office Data Breach
Sir Chris told Sky News' Mornings with Jones and Melbourne that authorities became aware of the intrusion last autumn. He stated that while a hack definitely occurred, the risk to individual personal data is believed to be low. "We're fairly confident that there's a low risk of any individual actually being affected by this," the minister said.
The compromised data was reportedly on systems operated by the Foreign Office on behalf of the Home Office. According to a report in The Sun, the attack was carried out by a Chinese hacking group known as Storm 1949, which allegedly accessed information relating to visa details and stole thousands of confidential documents.
Government Response and Political Fallout
However, Sir Chris was cautious about attributing blame, telling Sky News it is "not entirely clear" who is responsible. He explained he could share "remarkably little detail" because the investigation is ongoing and "takes quite a long time." He emphasised that the security vulnerability was closed quickly, calling it a "technical issue in one of our sites."
The revelation has sparked immediate political criticism. Conservative shadow foreign secretary Dame Priti Patel shared a report alleging Chinese involvement and accused Labour of failing to protect Britain. "China undermines our security, institutions and democracy but Labour is failing to protect Britain from China's foreign interference," she wrote on social media platform X.
A Wider Pattern of Cyber Threats
Sir Chris contextualised the breach within a wider pattern of high-profile cyber attacks in 2025, mentioning incidents at Marks and Spencer, Jaguar Land Rover, and the British Library. He urged against speculation and scaremongering, stating that some media reporting had contained more conjecture than accurate fact.
The government maintains that while the breach is serious, swift action was taken to secure the systems. The full extent of the data accessed and the precise identity of the attackers remain under active investigation by UK security services.
