On October 16, 2025, the United Kingdom found itself at the center of a heated debate over national security, cyber espionage, and the reliability of its most sensitive intelligence systems. The controversy erupted after Dominic Cummings, former chief adviser to Prime Minister Boris Johnson, claimed that Chinese cyberspies had managed to infiltrate and compromise the UK’s highest-level security networks—specifically those handling the government’s most closely guarded secrets, known as “Strap” material.
Cummings, never one to shy away from the spotlight or controversy, told The Times that “some Strap stuff was compromised and vast amounts of data classified as extremely secret and extremely dangerous for any foreign entity to control was compromised.” He went further, asserting that this breach involved “material from intelligence services, material from the National Security Secretariat in the Cabinet Office. Things the government has to keep secret. If they’re not secret, then there are very, very serious implications for it.” According to Cummings, both he and then-Prime Minister Boris Johnson were briefed on the breach back in 2020, and he alleged that the core infrastructure for transferring the UK’s most sensitive data had been compromised “for years.”
These explosive claims quickly made headlines, stoking fears about the potential vulnerability of British intelligence and the reach of Chinese cyber operations. The “Strap” system, after all, is not just any government network—it’s a bespoke classification and compartmentalization system used for the UK’s most sensitive state secrets, the kind of information whose compromise could have profound implications for national security.
Yet, the UK government and its cybersecurity establishment swiftly moved to rebut Cummings’ allegations. A spokesperson for the Cabinet Office categorically denied the claims, stating, “It is untrue to claim that the systems we use to transfer the most sensitive government information have been compromised.” Ciaran Martin, the former chief executive of the National Cyber Security Centre (NCSC), was even more emphatic. Speaking to BBC and Radio 4, Martin said it was “categorically untrue that in 2020 briefings were given to the effect that the Chinese state had compromised the bespoke systems used for circulating Strap and other highly classified state secrets.”
Martin stressed that, had such a breach occurred, it would have fallen to the NCSC to lead the response, but “there was no such NCSC operation in 2020 or the preceding years.” He explained that “top secret networks are built, operated, secured, and monitored on an entirely different basis to the normal Internet based systems used by most of the rest of Government (and by the private sector and the rest of the economy).” In other words, the government’s most sensitive data is protected by layers of security well beyond those found in standard IT infrastructure, making the kind of breach described by Cummings highly improbable.
Nonetheless, the story took on additional complexity as other voices weighed in. Tom Tugendhat, the former security minister, told The Times that “the gist” of Cummings’ claims were “correct,” suggesting that at least some in government circles believed there was substance to the allegations. Meanwhile, a senior Whitehall source quoted by the same newspaper acknowledged that some sensitive information had been transferred to China—though encrypted—but ruled out any compromise of Strap material itself. “There were concerns that this could still have been accessed by the Chinese,” the source admitted, but insisted that the most sensitive compartmentalized data remained secure.
Downing Street, for its part, refused to deny outright that any sensitive information was stored on the allegedly compromised systems. The prime minister’s official spokesman said that the “most sensitive” information was not contained on any of the systems in question, but stopped short of ruling out that “any” sensitive information could have been. This carefully worded response only served to fuel further speculation.
The timing of Cummings’ intervention was notable, coming as it did amid ongoing questions over the UK’s national security posture toward China and in the wake of the collapsed China spying case earlier in 2025. That case, involving former parliamentary researcher Christopher Cash and teacher Christopher Berry, ended abruptly when the Crown Prosecution Service (CPS) determined that the government’s evidence did not show that China represented a threat to national security at the time of the alleged offenses. However, the government’s deputy national security adviser, Matt Collins, described Chinese intelligence services as “highly capable and conduct large scale espionage operations against the UK, which threaten the UK’s economic prosperity and resilience and the integrity of our democratic institutions.”
Collins’ witness statements, published by Labour leader Sir Keir Starmer, also revealed that he believed the two accused men had acted in a way that endangered the “safety” and “interests” of the UK, handing over material “useful” to the Chinese state. The accused have denied any wrongdoing. The evidence also included the striking detail that one alleged spy told another, “you’re in spy territory now,” as well as allegations that information about the Conservative Party leadership race was leaked to China. Despite these revelations, the CPS maintained that there was a crucial gap in the evidence—“95 percent of the way there, but there was a 5 percent gap that was missing,” according to Director of Public Prosecutions Stephen Parkinson.
The government’s handling of the case, and the broader question of how to define and respond to the Chinese threat, has come under fire from multiple political directions. The Conservatives argued that the witness statements showed “the extent of the threat that China poses to the UK, and makes it all the more shocking that the prime minister knew of the imminent collapse of this trial, but did nothing to stop it.” Sir Keir Starmer, meanwhile, insisted that the substantive evidence was submitted under the previous Conservative government and that supplementary statements reflected the Tory administration’s position.
Cummings, for his part, dismissed the notion that whether China constitutes a threat is a “difficult semantic question.” He told The Times, “Anyone who has been read in at a high level with the intelligence services on China knows that the word threat doesn’t even begin to cover it.” He has also offered to testify if Parliament launches an inquiry into the alleged breach, saying he would be “happy to talk about it.”
As the dust settles, the UK finds itself facing both public skepticism and internal division on the question of Chinese cyber espionage and the security of its most sensitive information. While the government and its cybersecurity experts continue to insist that the “Strap” system and its top secret networks remain uncompromised, the debate has exposed the deep anxieties running through Whitehall about the scale and sophistication of foreign intelligence operations. For now, the truth of what happened in 2020—and what, if anything, was compromised—remains fiercely contested, with both sides adamant in their positions and the public left to wonder just how secure Britain’s secrets truly are.
