The UK's Foreign, Commonwealth and Development Office (FCDO) was the victim of a significant cybersecurity breach, a government minister has confirmed. Trade Minister Sir Chris Bryant told Sky News that while the hack occurred, the government is 'fairly confident' that no individual's personal data was accessed or stolen.
Timeline and Discovery of the Breach
Sir Chris revealed that the government first became aware of the incident in October 2025. He stated that officials moved swiftly to address the vulnerability, managing to 'close the hole very quickly' after it was identified as a technical issue at one of their sites. The compromised data was reportedly on systems operated on behalf of the Home Office by the Foreign Office, which was the department that detected the intrusion.
Uncertainty Over Perpetrators and Stolen Data
Despite media speculation, the minister was clear about the ongoing uncertainty surrounding the attack. He declined to confirm a report from The Sun which alleged that a Chinese hacking group known as 'Storm 1949' was responsible, claiming to have accessed visa details and thousands of confidential documents.
'It is not entirely clear where this has come from,' Sir Chris stated, adding that he could share 'remarkably little detail' because the investigation is complex and ongoing. He cautioned that some public reporting contained more speculation than accurate fact and urged against scaremongering, asserting that the government is 'on top of it'.
Political Fallout and Wider Context
The breach has ignited political controversy, with the Conservative opposition accusing the government of failing to protect national security. Shadow Foreign Secretary Dame Priti Patel cited reports of Chinese involvement, posting on X that 'Labour is failing to protect Britain from China's foreign interference.'
Sir Chris contextualised the FCDO incident within a wider pattern of high-profile cyber-attacks in 2025, referencing breaches at Marks and Spencer, Jaguar Land Rover, and the British Library. He emphasised the critical importance of tackling such threats across both the public and private sectors.
The government maintains its position that the risk to any individual from this specific breach remains low, while the full forensic investigation to determine the scope and origin of the attack continues.
