Cyber Incident Victim: Liz Truss
Date:
Aug 2022
Location:
United Kingdom
Summary
A personal mobile phone belonging to Liz Truss was compromised by suspected Kremlin-linked hackers while she served as Foreign Secretary, resulting in unauthorized access to sensitive communications. The breach exposed confidential discussions with international allies regarding Ukraine-related negotiations, including arms shipments, alongside private messages containing criticisms of political figures that raised potential blackmail risks. The compromised device, which reportedly contained up to a year’s worth of data, was subsequently secured in a government-controlled location for forensic analysis. The incident prompted internal government disruption and a coordinated news blackout to mitigate political fallout, while security experts condemned ministers’ use of personal devices for official communications as a systemic vulnerability.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In August 2022, during Liz Truss’s tenure as UK Foreign Secretary, her personal mobile phone was compromised by hackers suspected of acting on behalf of the Kremlin. The attackers gained access to sensitive communications, including approximately one year’s worth of messages. These included confidential discussions with international partners regarding military support for Ukraine, particularly details about arms shipments, as well as private exchanges with Kwasi Kwarteng, then-Chief Secretary to the Treasury. The compromised messages also contained criticisms of then-Prime Minister Boris Johnson, raising concerns about potential blackmail risks. The breach was discovered by security services, prompting immediate containment measures. The device was deemed irrecoverably compromised and was secured in a locked safe within a government facility for forensic analysis. Truss was forced to abandon the phone number she had used for over a decade shortly before becoming Prime Minister in September 2022, causing operational disruptions as cabinet ministers and advisers lost contact with her during the transition.
The incident triggered a high-level government response, with Prime Minister Johnson and Cabinet Secretary Simon Case being notified immediately. A news blackout was imposed to prevent public disclosure during the Conservative leadership contest, though Truss reportedly experienced significant personal distress over the potential political fallout. Security experts expressed alarm at the vulnerability of ministers using personal devices for official communications, citing the use of commercial spyware like Pegasus, which can infiltrate phones via unopened text messages. The breach highlighted systemic vulnerabilities, with critics including security professor Antony Glees condemning the government’s lax protocols. The UK government declined to comment on specifics but reiterated its adherence to “robust” cybersecurity systems, including ministerial briefings on data protection. Subsequent revelations that Truss’s compromised phone number was listed for sale online alongside those of 25 other cabinet ministers further underscored ongoing security challenges. The incident remained under investigation, with attribution efforts focusing on Russian state actors due to the timing and nature of the accessed data, which aligned with Truss’s prominent role in coordinating Western support against Russia’s invasion of Ukraine.