The UK government has admitted that the Foreign, Commonwealth and Development Office (FCDO) IT systems were hacked in October, but insists the attack had a “low risk” of compromising personal data.
During a series of television interviews today (December 19, 2025), Commerce Secretary Chris Bryant said it was “unclear” who carried out the attack, although the first report of the hack was published in Sunattributed it to a Chinese attacker known as Storm 1849.
The same group was accused of identifying vulnerabilities in Cisco equipment This led the National Cyber Security Center (NCSC) to issue a warning in September to organizations using the Cisco Adaptive Security Appliance family of unified threat management systems. Users were asked to replace any devices that had reached the end of their useful life, noting the significant risks that aging or outdated equipment could pose.
Bryant said some reports of the FCDO hack were “speculation” but the government was able to quickly “close the hole” and that security experts were confident there was a “low risk” of anyone getting hurt. Sun The report claims that hackers gained access to sensitive data and documents, possibly including thousands of visa details.
Storm 1849 attack on Cisco equipment is called Secret Doorand targets two zero-day vulnerabilities. One of them was a high denial of service vulnerability that allowed remote code execution; the other is a serious persistent local code execution vulnerability.
While government IT systems are always under intense cybersecurity scrutiny, the hack will provide further impetus to critics of plans to introduce a national digital ID scheme, many of whom have already raised concerns about the potential risks of collecting citizens' identities.
Development also occurs the day after ITV News broadcast a report about Cybersecurity issues found in One Login is the government's single sign-on system that will form the basis of the digital ID plan first announced in Computer Weekly in April.
Damaging year
2025 was a particularly devastating year for cyberattacks, with high-profile ransomware campaigns affecting Jaguar Land Rover (JLR) cooperative And Marks and Spencer.
The Office for National Statistics attributed the UK's November contraction partly to JLR attack that stopped car production on the manufacturer and had an impact on the entire automotive supply chain.
Last month four London councils – Kensington and Chelsea; Hackney; Westminster; and Hammersmith and Fulham – suffered cyber attacks, disrupting services and prompting an investigation by the NCSC. Westminster subsequently admitted that potentially sensitive data was copied from its systems during the hack. Three local authorities manage the overall IT service.
