The UK government said that it continues to investigate a cyber incident after media reports claimed hackers linked to China accessed thousands of confidential documents held by the Foreign, Commonwealth and Development Office. Officials framed the situation as contained, though politically awkward.
Trade Minister Chris Bryant said investigators opened the probe in October and currently assess the risk to personal data as fairly low.
He spoke after The Sun reported that Storm 1849, a hacking group tied to the Chinese state, may have accessed information connected to tens of thousands of visas.
Bryant pushed back on that account. He told the BBC that claims around both the scale of the breach and its link to China remain speculative, and he said he did not want to fuel assumptions that investigators have not confirmed.
The allegations surface at a delicate point in UK-China relations.
Prime Minister Keir Starmer’s government wants to repair trade and diplomatic ties strained by long-running concerns over espionage and human rights.
Starmer reportedly plans a visit to China in late January, the first by a UK prime minister since 2018. At the same time, ministers have delayed a decision on a proposed large Chinese embassy in London after criticism that the site could support intelligence activity.
Bryant said the government aims for a pragmatic relationship with Beijing. He described areas for cooperation alongside others where the UK will challenge China, adding that officials approach the relationship with what he called eyes wide open.
Separate cyber incidents now compound the pressure.
Westminster City Council confirmed that hackers stole potentially sensitive and personal data during an attack that affected three neighbouring London authorities last month.
Westminster shares IT services with the London Borough of Hammersmith and Fulham and the Royal Borough of Kensington and Chelsea, and all three councils felt the impact after the breach emerged on 24 November.
RBKC said four days later that attackers had breached its systems. Westminster has since confirmed that its data was copied after intruders accessed systems operated by RBKC.
The council said the affected information sat within the shared IT environment and likely includes limited personal data.
Westminster said teams continue to assess what data attackers took and how it links to individuals, following guidance from the Information Commissioner’s Office.
The council said the data remains intact, not deleted, and investigators have found no indication that anyone published it online.
RBKC said its own investigation, supported by NCC Group and independent forensic experts, confirmed a criminal cyber attack where attackers copied and removed data. The borough said it detected the intrusion quickly and believes attackers failed to move laterally across other systems.
Police and national agencies now support the response. The Metropolitan Police, the National Crime Agency, and the National Cyber Security Centre all joined the investigation.
Westminster councillor David Boothroyd, cabinet member for finance and council reform, said the council prioritises protecting vulnerable residents while restoring services disrupted by the attack.
He said teams secured systems quickly and will restore services as safely and fast as possible, though the work takes time. Boothroyd said the council will continue to issue updates as recovery continues.
RBKC warned that a full review of possible data exfiltration will take months. The borough said it has already written to more than 100,000 households with guidance for residents concerned about the breach. Officials said essential services, especially those supporting vulnerable people, take priority as systems come back online.
The cyber attack disrupted public services across all three councils. In Hammersmith and Fulham, most online services went offline, including council tax accounts, business rates payments, benefits systems, housing repairs, parking services, freedom pass applications, and property licensing.
Westminster reported similar disruption.
Affected services include rent and service charge payments, council tax and business rates, housing repairs, local support payment applications, community hall bookings, registration services, children’s services referrals, licensing, complaints handling, and online waste and recycling requests.
The UK government also confirmed that attackers breached IT systems at the Foreign, Commonwealth and Development Office in October. Officials again described the risk to personal data as low, though investigations remain active and politically sensitive.
