UK confirms the Foreign Office was hacked in October, sparking fears that thousands of sensitive documents and confidential data may be compromised.
Ministers have acknowledged that they are not certain who the hacker is, while being "pretty confident" that the information of visa applications has not been accessed.
The Sun was informed by sources that the October breach was carried out by the Storm 1849 gang, a Chinese outfit that was officially identified in March 2024 in relation to cyberattacks on MPs and the Electoral Commission.
According to the newspaper, "thousands" of private papers and information were recovered from the data breach.
Trade Minister Sir Chris Bryant acknowledged that there "certainly has been a hack," but he insisted that the broader reports were not entirely accurate and declined to comment on whether a group with ties to China was responsible.
Speaking to Times Radio, Sir Chris said:
“I’m actually going to take some of the details that you’ve just put out there off the table, because I’m not sure that they’re necessarily accurate.
You just referred to potentially affecting thousands of visas. We are very confident that in the investigation that we’ve done so far, that nobody, no individual, will have been harmed or compromised by what has happened.
There certainly has been a hack, I can say that, I’m not able to say whether it is directly related to Chinese operatives or indeed the Chinese state.”
He added:
“We’ve been engaged in an investigation since October, just as with [Jaguar Land Rover] and M&S, and the British Library and a whole series of other cyberattacks, it does take some time to get to the bottom of precisely what has happened.”
The government's challenges in trying to reduce tensions with Beijing are exacerbated by the recent reports, which come amid persistent unease over the collapse of a Chinese eavesdropping case and MI5's warnings of the communist state's threat to UK national security.
The government must stop "dragging its heels" over whether to move China to the enhanced tier of its threat regime, the parliamentary intelligence watchdog warned last week.
A government spokesperson said:
“We have been working to investigate a cyber incident. We take the security of our systems and data extremely seriously.”
Which systems at the Foreign Office were affected by the breach?
The Foreign Office( FCDO) cyberattack in October 2025 primarily affected visa- related systems, with reports indicating knockouts of thousands of lines potentially penetrated. Reports indicate thousands of sensitive documents and visa aspirant data may have been penetrated, with criteria suspected to China- linked group Storm 1849 via Cisco ASA firewall zero- days in the" ArcaneDoor" crusade.
The intrusion targeted waiters handling visa aspirant data, operated on behalf of the Home Office by FCDO staff who detected the anomaly; bushwhackers exploited Cisco ASA firewall zero- days in the" ArcaneDoor" crusade linked to China- aligned group Storm 1849.
Ministers described it as a
"specialized issue in one of our spots,"
fleetly renovated with low individual threat assessed, though sensitive political documents remain under disquisition by the ICO and NCSC.