Foreign Office targeted by 'serious cyber security incident', document shows

Credit: Foreign Office Flickr

The Foreign Office was the victim of a "serious cyber security incident", it has been revealed after almost half a million pounds were paid to a consultancy firm for "urgent support".

The exact nature of the incident is unclear, nor is it clear whether the department was the target of a malicious attack, who may have carried it out, or what damage may have been done.

ITV News understands a "hostile state" was responsible and no sensitive or classified information was compromised.

How was the Foreign Office exposed? ITV News Political Reporter Shehab Khan reports

In a tender document, the department said it had been "the target of a serious cyber security incident, details of which cannot be disclosed".

The document showed £467,325.60 was paid to an information technology consulting company for "urgent support" following the incident.

Explaining the purchase of services from BAE systems applied intelligence, the department said the contract was awarded without competitive tender because of the "extreme urgency" brought about by "unforeseeable events".

"In response to this incident, urgent support was required to support remediation and investigation."

The document, first reported by The Stack, added: "Due to the urgency and criticality of the work, the Authority was unable comply with the time limits for the open or restricted procedures or competitive procedures with negotiation."

BAE was hired, the document said, to provide "business analyst and technical architect support to analyse an authority cyber security incident".

The contract ended on January 12, 2022, however that does not indicate exactly when the incident took place.

A statement from the Foreign, Commonwealth and Development Office said the department does not comment on security but has systems in place to prevent hostile actors and cyber criminals from accessing networks.

The FCDO said: "We do not comment on security but have systems in place to detect and defend against potential cyber incidents."