Chinese state-linked cyber hackers have gained unauthorised access to confidential UK visa records stored by the Foreign Office, raising serious concerns over the safety of sensitive personal data. According to a report by The Telegraph, the China-backed cyber espionage group known as “Storm-1849” targeted government servers in October, accessing Home Office visa application records. The cyber intrusion was not disclosed publicly at the time.
The revelation has sparked alarm that the hackers may have deliberately targeted data relating to Hong Kong passport holders, Chinese political dissidents, and individuals who sought asylum or protection in the UK. Cybersecurity experts warn that such data could be exploited to intimidate individuals, track activists abroad, or place families back in China under pressure—posing a direct threat to personal safety.
Security Concerns Intensify Amid Political Backdrop
The cyber breach comes at a time when UK concerns over China’s security footprint are already intensifying. The incident has surfaced against the backdrop of a collapsed prosecution involving two suspected Chinese spies and an ongoing political dispute over a proposed Chinese “super embassy” in London.
In September, the Crown Prosecution Service (CPS) attributed the failure of the espionage case partly to the government’s reluctance to formally designate China as a national security threat. Notably, the collapse of that case occurred just a month before the reported cyber intrusion, prompting renewed questions about the UK’s broader China policy.
Government Response and Investigation
A government spokesperson confirmed that a “cyber incident” affecting official systems is under investigation, stating that the UK takes the security of data and digital infrastructure extremely seriously. Business Minister Sir Chris Bryant also acknowledged the breach, though he stressed that preliminary findings have not shown evidence of individuals suffering direct harm or compromise as a result.
He added that investigations have been ongoing since October and cautioned that, as seen in other recent cyber attacks, establishing the full scale and impact could take time. Recent cases include cyber incidents involving Jaguar Land Rover, Marks & Spencer, and the British Library, each of which took months to fully assess.
A Pattern of Escalating Cyber Attacks
The visa data breach is being viewed as part of a broader pattern of high-impact cyber attacks targeting the UK in recent years. In August, a suspected Russian-linked cyber attack on Jaguar Land Rover disrupted production for nearly five weeks, causing losses estimated in the billions of pounds. Meanwhile, a major cyber attack on Marks & Spencer reportedly wiped out much of the retailer’s annual profits.
Security analysts argue that state-backed cyber operations are increasingly being used as tools of geopolitical pressure, blurring the line between espionage and economic warfare.
Storm-1849: China’s Cyber Espionage Network
Western intelligence agencies describe Storm-1849 as a state-sponsored Chinese cyber espionage group operating in support of Beijing’s strategic interests. The group has previously been accused of targeting politicians, parliamentary staff, and organisations critical of the Chinese government.
Investigators say the group commonly uses phishing emails, compromised cloud credentials, and covert access to government systems to extract politically sensitive data. Visa and asylum records are considered especially valuable, as they can reveal identities, locations, and personal histories of individuals viewed as hostile by the Chinese state.
Warnings and Political Accusations
Luke de Pulford, co-founder of the Inter-Parliamentary Alliance on China, warned that any attempt to downplay the breach to avoid upsetting Beijing would severely damage public trust and national security. He argued that failure to respond firmly would signal weakness and invite further intrusions.
Former Conservative leader Sir Iain Duncan Smith accused the government of attempting to suppress the seriousness of the incident ahead of Prime Minister Keir Starmer’s planned visit to China. “China believes it can act with impunity,” he said, adding that official silence only reinforces that perception.
Pressure Mounts Ahead of China Visit
Prime Minister Keir Starmer is scheduled to travel to China in January—the first visit by a British prime minister since 2018. While the government has emphasised economic engagement, opposition figures and security experts warn that commercial priorities must not override national security risks.
Analysts caution that without a clear and robust China security strategy, cyber attacks targeting Britain’s democratic institutions and administrative systems are likely to continue—posing long-term risks to sovereignty, personal safety, and public confidence.
