Cyberattack Disrupts Services Across London Councils
Three London councils, Kensington and Chelsea, Westminster, and Hammersmith and Fulham, have activated emergency response plans after a cyberattack that hit their shared IT systems.
The incident was first detected on Nov. 24 and has since caused phone line disruptions, service delays, and precautionary shutdowns of several systems across the councils.
The Royal Borough of Kensington and Chelsea (RBKC) warned residents that some pages on its website may be unavailable throughout the day as technicians work on security fixes. It also noted that teams are monitoring phones and emails more closely, saying, “We’ve activated business continuity and emergency plans to ensure we are still delivering critical services to residents, focusing on supporting the most vulnerable.”
Westminster City Council similarly acknowledged disruption, writing, “We know a number of systems remain impacted and our focus is to ensure we are still delivering critical services to residents, focusing on supporting the most vulnerable.”
Hammersmith and Fulham, which shares some IT links with the two boroughs, confirmed it experienced a “serious cybersecurity incident” and is taking steps to isolate and protect its network.
As of Wednesday, RBKC said its teams have already established what caused the breach, but details are being withheld due to ongoing investigations with the Metropolitan Police and the National Cyber Security Centre (NCSC).
The councils also confirmed they are investigating whether any resident data has been compromised, which they state is “standard practice” in such incidents, and they have informed the Information Commissioner’s Office (ICO).
Other councils on high alert
The incident has caused other London local authorities to heighten their cyber defenses. Hackney Council, which was hit by a major ransomware attack in 2020 that accessed and encrypted 440,000 files, raised its own cybersecurity threat level to “critical” after receiving intelligence that multiple London councils had been targeted.
While Hackney itself remains unaffected, its staff were issued an urgent memo warning them about phishing attacks and urging them not to click links from colleagues in Kensington and Chelsea or Westminster.
Rob Miller, a former IT director at Hackney Council, commented on the gravity of the situation in a statement cited by the Guardian: “If you want to impact on people’s lives, councils are a good target. [When it happens] it feels like your stomach has dropped out and quickly it becomes apparent how hard it is to get things back. It’s a genuinely traumatic experience.”
Until investigators determine the full impact, including whether any data has been compromised, councils will continue to operate under emergency conditions.
“We don’t have all the answers yet … but we know people will have concerns, so we will be updating residents and partners further over the coming days,” RBKC noted in a statement.
In other cybersecurity news, researchers say Russia’s Gamaredon and North Korea’s Lazarus may be sharing infrastructure — a rare APT collaboration.
About Author
