The UK government has confirmed that the Foreign Office was hit by a cyberattack in October, triggering an ongoing investigation into one of Whitehall’s most sensitive departments.
Trade minister Chris Bryant publicly acknowledged the breach this week, describing it as a “technical issue in one of our sites” and adding that “we managed to close the hole, as it were, very quickly.”
Speaking to Sky News, Bryant sought to dampen speculation around the incident while conceding that investigations into responsibility were still ongoing.
“There certainly has been a hack at the FCDO and we’ve been aware of that since October,” Bryant said. “Some of the reporting has, I think, been a bit more speculation than accurate. Quite often, the investigation takes quite a long time to get down to that. We’re fairly confident that there’s a low risk of any individual actually being affected by this.”
When asked whether the attack could be attributed to a foreign state actor, Bryant was careful not to assign blame, saying: “That’s not entirely clear.”
His comments follow reports suggesting the breach may have been linked to a China-aligned hacking group, dubbed Storm-1849, and that visa-related systems could have been accessed.
Storm-1849 is a state-sponsored threat actor that has targeted government networks globally through a campaign named “ArcaneDoor”. This campaign saw attackers exploit two zero-day vulnerabilities in Cisco ASA firewalls to deliver custom malware that extracts data from target systems.
Resilience Media asked the Home Office whether it was compromised via the same Cisco firewall flaws, but did not receive a response by publication time. It’s also not known what types of data were accessed during the intrusion or how many individuals have been impacted. According to The Sun, the Chinese-aligned threat actors stole “tens of thousands” of files.
A spokesperson for the UK’s Information Commissioner’s Office (ICO), which requires breached organisations to report data breaches within 74 hours, confirmed to Resilience Media that it has “received a report in relation to this and are assessing the information provided.”
The FCDO breach comes amid heightened cyber pressure on the UK throughout 2025. The National Cyber Security Centre has warned of sustained “nationally significant” incidents affecting public bodies, critical infrastructure, and major private-sector organisations. Recent attacks on British firms, including Jaguar Land Rover and Marks & Spencer, which caused operational disruption and financial loss, have highlighted how broad and persistent the cyber threat now is.
The Foreign Office incident is particularly sensitive as the department sits at the intersection of diplomacy, intelligence sharing, and international security policy, and any compromise, even if contained quickly, raises questions about systemic exposure and adversary intent.
The timing is also politically delicate. The government has taken a firmer public stance on hostile cyber activity linked to China in recent years, including sanctions against companies accused of enabling cyber espionage, while simultaneously seeking to stabilise diplomatic and economic relations. Prime Minister Keir Starmer has described China as a “national security threat” even as Downing Street pursues renewed engagement with Beijing.








