Cyberattack Disrupts Services Across Three London Councils
In late November 2025, a significant cyberattack targeted the shared IT infrastructure of three central London councils: the Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council, and Hammersmith and Fulham Council. This incident led to substantial disruptions in public services, including the shutdown of phone lines and online platforms, affecting essential functions such as housing, social care, and waste collection.
Immediate Response and Impact
Upon detecting the breach, the councils promptly activated emergency response plans to mitigate the impact and ensure the continuity of critical services. RBKC and Westminster, which share IT services, reported that multiple systems were compromised, including communication channels. They collaborated with the National Cyber Security Centre (NCSC) and cybersecurity experts to restore functionality and safeguard sensitive data. Hammersmith and Fulham Council also faced similar challenges and worked diligently to address the disruptions.
Nature of the Attack
While the councils have not officially confirmed the specifics of the cyberattack, indications suggest it was a ransomware incident targeting their shared IT service provider. Ransomware attacks typically involve encrypting data and demanding payment for its release. The councils have refrained from disclosing detailed information to avoid compromising ongoing investigations.
Data Security Concerns
A significant concern arising from the attack is the potential compromise of sensitive data. Reports indicate that approximately 440,000 files, primarily historical data archived between 2006 and 2020, were accessed by unauthorized parties. Although the data was not stolen, there is a risk it could be publicly disclosed. The councils have notified the Information Commissioner’s Office (ICO) and are conducting thorough assessments to determine the extent of the data breach.
Broader Implications
This cyberattack underscores the escalating threats faced by local authorities, which often manage vast amounts of sensitive information with limited cybersecurity resources. For instance, Hammersmith and Fulham Council has previously reported facing approximately 20,000 cyberattack attempts daily, highlighting the persistent risks in the digital landscape.
Ongoing Investigations and Future Measures
The affected councils are collaborating with the NCSC, the National Crime Agency, and other relevant bodies to investigate the incident thoroughly. Their primary objectives are to identify the perpetrators, assess the full impact, and implement enhanced security measures to prevent future occurrences. Residents are advised to remain vigilant against potential phishing attempts and to follow official communications for updates.
