The UK government has confirmed that threat actors gained access to a classified government system, following earlier claims by former chief adviser Dominic Cummings.
Speaking on BBC Breakfast, Trade Minister Chris Bryant said a system operated by the Foreign Office, on behalf of the Home Office, had been compromised in October.
According to Bryant, the intrusion was detected and addressed quickly, and a more detailed investigation is still underway.
Table of Contents
Unclear attribution and limited disclosure
While earlier reports suggested that the attackers may have been linked to Chinese state sponsored groups, Bryant declined to confirm attribution.
“We simply don’t know as yet who is responsible,” he said, adding that the government believes the risk to individuals is low.
“We think that it’s a fairly low risk that individuals will have been compromised or affected,” Bryant told the BBC.
Reports circulating earlier indicated that data such as visa related information may have been accessed, but officials have not confirmed exactly what was taken.
Government response and broader context
Bryant framed the incident as part of a wider reality facing governments worldwide.
“Government facilities are always going to be potentially targeted,” he said, adding that investigators are now “working through the consequences of what this is”.
“This is a part of modern life that we have to tackle and deal with,”
Bryant concluded.
Western intelligence agencies and cybersecurity firms have repeatedly warned about sustained cyber activity originating from China, with groups such as Volt Typhoon, Salt Typhoon, APT27, and Mustang Panda accused of targeting governments, telecoms providers, critical infrastructure, journalists, and think tanks.
China has consistently denied these accusations, arguing instead that the United States and its allies exaggerate threats and engage in cyber operations themselves.
What happens next
The investigation into the breach is ongoing, and the UK government has not indicated whether further disclosures will be made once attribution and impact assessments are complete.
For now, officials maintain that the incident was contained quickly and does not pose a significant risk to individuals, even as concerns over state level cyber espionage continue to grow.
