The UK’s Foreign, Commonwealth and Development Office was the victim of a cyber-attack in October, a government minister has confirmed.
Chris Bryant, a trade minister in Sir Keir Starmer’s government, said there was a low risk to “any individual” following the breach. Speaking to Sky News, Bryant confirmed the incident but urged caution over attributing responsibility.
“There certainly has been a hack at the FCDO and we’ve been aware of that since October,” Bryant said, adding that it was “not clear” who carried out the attack and warning against speculation.
Details of the breach emerged on Friday in a report by the Sun, which claimed a Chinese hacking group was responsible. The newspaper named Storm 1849 as the alleged perpetrator and said the incident may have involved access to tens of thousands of visa records. The group has been “accused of targeting politicians and groups critical of the Chinese government”, according to the report.
A government spokesperson said: “We have been working to investigate a cyber incident. We take the security of our systems and data extremely seriously.”
While little public information is available about Storm 1849, the group has been linked to a hacking campaign known as ArcaneDoor, first identified in 2024. According to the US technology firm Cisco, ArcaneDoor has targeted government networks and previously affected Cisco’s own systems. The company has described the attacks as showing the hallmarks of a “sophisticated state-sponsored actor”.
Cisco issued an updated alert on ArcaneDoor activity in late September, shortly before the Foreign Office breach is understood to have taken place.
Toby Lewis, global head of threat analysis at UK cybersecurity firm Darktrace, said it would be “reasonable” to suggest a connection between the ArcaneDoor campaign and the Whitehall incident.
“It would be fair to say these two things happened broadly at the same time and it would be a reasonable hypothesis to suggest they are linked,” he said.
Lewis added that Chinese state-backed cyber actors are known for targeting large volumes of sensitive data. In 2024, the UK government blamed China for a cyber-attack on the Electoral Commission that exposed the personal information of around 40 million people.
“We do see some Chinese threat groups targeting datasets that might serve a benefit to Beijing in the future,” Lewis said.
