The UK government has confirmed that the Foreign, Commonwealth and Development Office (FCDO) was the victim of a cyber attack in October 2025, sparking an ongoing investigation and media reports that hackers linked to China were responsible. Trade Minister Chris Bryant publicly addressed the incident, stating that officials believe the security gap was "closed pretty quickly" and that there is a "fairly low-risk" to individuals whose data may have been involved.
The first report of the hack came from The Sun newspaper, which named a Chinese cyber-espionage group known as Storm-1849 as the suspected perpetrator. The group has previously been accused of targeting critics of the Chinese government and was linked by cybersecurity firm Cisco to a sophisticated campaign dubbed "ArcaneDoor" that targeted government networks. However, Minister Bryant has repeatedly urged caution against speculation, telling broadcasters it was "not clear" who was behind the attack and that it was "not entirely clear" if China was involved.
The allegations emerge at a diplomatically sensitive time. Prime Minister Keir Starmer is reportedly planning a visit to Beijing, which would be the first by a UK prime minister since 2018. The government has stated its intention to pursue a pragmatic relationship with China, engaging on issues like trade and climate while remaining clear-eyed about security threats. Confirmation of a state-linked Chinese hack would complicate these efforts. A government spokesperson emphasized that they take the security of systems and data "extremely seriously".
This cyber attack follows another major, unrelated data incident from 2022 involving the UK Ministry of Defence. In that case, an official accidentally shared a spreadsheet containing the names and details of approximately 18,700 Afghan applicants to relocation schemes. The data was later found briefly online in 2023. In response to that breach, the government established a special resettlement route and expects over 7,300 Afghans to be moved to the UK as a direct result, with costs estimated in the hundreds of millions of pounds. The Information Commissioner's Office (ICO) described that incident as "deeply regrettable" and stated it had placed thousands of vulnerable people at risk.