Ministers confirm breach at UK Foreign Office but details remain murky

Officials admit 'there certainly has been a hack,' but refuse to confirm China link or data theft

The UK's Foreign Office is investigating a confirmed cyberattack it learned about in October, senior ministers say.

Trade minister Sir Chris Bryant told Times Radio on Friday that "there certainly has been a hack" but it is too early in the government's investigation to confirm other widely reported details.

The news first broke in The Sun on Friday. The tabloid claimed that Chinese state-sponsored attackers were behind the intrusion and stole details related to tens of thousands of visa applications.

However, Sir Chris said many of the details reported by the British red top are speculative.

"The front page of The Sun is slightly over-egging the details that are available at this stage," he said. "But the one thing I do want to reassure people about is that in our initial investigation we are pretty confident that no individual will be harmed.

"As you said, potentially people's visa applications might have been attacked, but that is somebody speculating."

Sir Chris said that there has been nothing thrown up by the investigation thus far that suggests any individual would be harmed or compromised.

"There certainly has been a hack, I can say that. I'm not able to say whether it is directly related to Chinese operatives, or indeed the Chinese state.

"We have been engaged in an investigation since October. Just as with JLR, M&S, the British Library, and a whole series of other cyberattacks, it does take some time to get to the bottom of exactly what's happened."

The Register asked the Foreign, Commonwealth, and Development Office (FCDO) for more information about the attack, including which systems are under investigation and how the attackers – pending attribution – were able to access them.

A government spokesperson simply responded: "We have been working to investigate a cyber incident. We take the security of our systems and data extremely seriously."

Sir Chris told Sky News: "We managed to close the hole, as it were, very quickly. There was a technical issue in one of our sites, I gather, and we're fairly confident that there's a low risk of any individual actually being affected by this."

The news of the attack comes just days after security researchers at Check Point Software said Chinese cyber-espionage groups have compromised several dozen victims in their bid to expand spying efforts on European governments.

Check Point did not list any of the governments involved, but said those behind the attacks are compromising servers and laying the ground for future operations.

Of the four major geopolitical adversaries, the UK has repeatedly singled out China as an "epoch-defining challenge."

GCHQ director Anne Keast-Butler told CYBERUK in 2024 that more resources were spent on tackling the threat presented by China than any other UK intelligence mission.

"China poses a genuine and increasing cyber risk to the UK," she said at the time.

"China has built an advanced set of cyber capabilities and is taking advantage of a growing commercial ecosystem of hacking outfits and data brokers at its disposal.

"The PRC is looking to shape global technology standards in its own favor, seeking to assert its dominance within the next 10 to 15 years.

"Which is why the UK's intelligence community is working alongside our allies in the Five Eyes and beyond, and also in partnership with our industry and academic colleagues to deter and combat cyber threats from nation-states and hostile actors."

China is seen as the long-term threat, while Russia is the problem of today – the acute and powerful threat that requires significant resources and cooperation to tackle.

In her first speech since taking over as MI6 director, Blaise Metreweli said this week that the UK is currently operating between peace and war, referring more broadly to geopolitical adversaries, but later cited a "grey zone" it shares with Russia, which is just below the threshold of war. ®