The UK government has confirmed that government data has been stolen in a significant cyber attack, marking one of the most serious digital security breaches faced by Whitehall in recent years. While acknowledging the breach, officials have sought to reassure the public, stating that the risk to individual citizens is currently assessed as low.
Trade Minister Chris Bryant publicly confirmed the incident on Friday, saying investigations were ongoing and that immediate steps had been taken to close the security gap once the intrusion was detected.
According to Bryant, the compromised data was stored on systems operated by the Foreign Office on behalf of the Home Office. The breach was identified internally by Foreign Office staff, who flagged suspicious activity and alerted security agencies without delay.
China-Linked Group Suspected, No Official Attribution Yet
Government sources have indicated that a China-affiliated hacking group is suspected of being behind the cyber intrusion. However, the UK government has stopped short of formally attributing responsibility to any country or organisation.
A government spokesperson said authorities were “working through the investigation” and reviewing both technical and intelligence inputs before reaching any conclusions.
Speaking to BBC Breakfast, Bryant said:
“The investigation is ongoing, and the security gap was closed pretty quickly. At this stage, we believe the likelihood of individuals being compromised or directly affected is fairly low.”
Visa-Related Information May Have Been Targeted
According to a report by The Sun, the cyber attack occurred in October 2025, and the stolen data may include visa-related information. While officials have not confirmed the nature or extent of the data accessed, the possibility has raised concerns about sensitive immigration records being exposed.
The incident has been formally referred to the Information Commissioner’s Office (ICO), the UK’s data protection watchdog, which oversees compliance with privacy and data security regulations.
Intelligence Agencies Warn of Growing Cyber Espionage Threat
UK intelligence agencies have repeatedly warned of escalating cyber espionage activity originating from China, targeting government departments, political institutions, and commercial entities.
The UK’s cyber security agency GCHQ stated last year that it was devoting more resources to countering cyber threats from China than from any other country, reflecting the scale and sophistication of the challenge.
“Government facilities are always potential targets,” Bryant said. “We are now working through the consequences of this incident.”
Diplomatic Sensitivities Ahead of Planned China Visit
Confirmation of involvement by a Chinese state-linked group would be diplomatically sensitive, particularly as Prime Minister Sir Keir Starmer is expected to visit Beijing next year—the first visit by a UK prime minister since 2018.
The Labour government has maintained that engagement with China is unavoidable, given its central role in global trade, climate policy, and international governance. At the same time, ministers have acknowledged that China presents clear national security challenges.
Earlier this month, Sir Keir said UK policy towards China could not continue to swing between extremes, arguing that failing to manage the relationship carefully would amount to a “dereliction of duty”.
China Rejects Allegations of Cyber Attacks
The Chinese government has consistently denied accusations of cyber attacks against the UK. Responding last year to Britain’s National Security Strategy, a spokesperson for the Chinese embassy in London described allegations of Chinese cyber espionage as “entirely fabricated and malicious slander”.
Beijing has maintained that it opposes all forms of cyber crime and does not support hacking activities targeting foreign governments.
Outdated IT Systems Flagged as a Key Vulnerability
Cybersecurity experts say the breach highlights long-standing concerns over aging IT infrastructure across UK government departments.
Jamie MacColl, senior research fellow at the Royal United Services Institute (RUSI), told the BBC that many departments continue to rely on outdated systems that are increasingly vulnerable to sophisticated attacks.
Meanwhile, Jake Moore, global cybersecurity adviser at software firm ESET, said government agencies must invest more aggressively in modern digital defences.
“Government departments will continue to be targeted,” he said. “Without stronger cyber resilience, these incidents are likely to recur.”
Investigation Continues, Security Under Scrutiny
Authorities have not yet disclosed how the attackers gained access to the systems. Investigators are examining potential technical flaws, internal vulnerabilities, and possible foreign links.
The breach has once again placed the UK’s digital security framework, data protection standards, and preparedness against state-backed cyber threats under intense scrutiny. As investigations continue, the government faces growing pressure to demonstrate that critical systems—and public trust—are adequately protected in an era of escalating cyber warfare.
