The British government confirmed on Friday morning that data held on a Foreign Office system was compromised in a cyber incident earlier this year, although it said the incident was only considered to pose a “low risk” to individuals.

The incident was first reported by The Sun newspaper, which attributed the attack to the China-based group Storm-1849. It said the hackers “accessed personal information, understood to possibly include tens of thousands of visa details.”

The month the government spotted the incident, the group had been said to be exploiting vulnerabilities in a popular line of Cisco firewalls used by governments in Asia, Europe and the United States. The British government did not say which threat actor was involved in the Foreign Office incident or the method of access.

Speaking to broadcaster Sky News, the government’s trade minister Sir Chris Bryant said: “There certainly has been a hack at the FCDO [Foreign, Commonwealth and Development Office] and we’ve been aware of that since October.”

But the minister pushed back on the attribution to Storm-1849, claiming “the reporting has, I think, been a bit more speculation than accurate” while saying he could share “remarkably little” about the incident because “the investigation takes quite a long time.”

Bryant said the government “managed to close the hole, as it were, very quickly,” and described the incident as “a technical issue in one of our sites” which had “a low risk of any individual actually being affected.”

The British intelligence community has strict rules around making assessments identifying who perpetrated attacks that were introduced, following the Butler Review into intelligence failings related to the claim Iraq possessed weapons of mass destruction.

In recent years, the government has made several public attributions of malicious cyber activity to China — including identifying companies engaged in cyber espionage targeting critical infrastructure — and in recent weeks sanctioned two Chinese companies accused of facilitating cyber operations targeting the U.K. and its allies.

Last month, the country’s domestic security and intelligence agency MI5 warned members of the Houses of Parliament that Chinese spies were actively attempting to target them through LinkedIn.

Asked about the incident detected in October, a government spokesperson said: “We have been working to investigate a cyber incident. We take the security of our systems and data extremely seriously.”

It is understood the government is keen to discourage speculation about Chinese cyber activities as a matter of policy that predates the current Labour Party government. 

Earlier this year, a former special adviser claimed, without evidence, that China had compromised “vast amounts” of information from the country’s most sensitive networks back in 2020. The government described the claims as “categorically untrue.”

Under the Conservative Party government in 2024, Defense Minister Grant Shapps urged caution following reports that China was suspected of hacking a third-party payment system used by the armed forces.

The Shadow Foreign Secretary, Priti Patel, on Friday accused the government of “failing to protect Britain from China’s foreign interference in our country” and said Prime Minister Keir Starmer “kowtows to China at every opportunity and cannot be trusted to protect our national interest.”

Her comments come amid a political debate about whether the British government will approve Beijing’s plans to build a “super embassy” in London that has provoked concerns it could make the city a large hub for Chinese espionage. It has been reported that ministers are set to sign off on the embassy following MI5 approval and ahead of a visit to Beijing by the prime minister.