Several London councils are facing weeks of disruption after a significant cyber attack that compromised IT systems across Kensington and Chelsea, Westminster, and Hammersmith & Fulham. These three councils share IT services, which allowed the attack to spread across their interconnected systems. Authorities have confirmed that data was copied during the attack, triggering warnings for residents to stay vigilant against fraudulent calls, emails, and texts.
Historical data copied in Kensington and Chelsea data breach
The Royal Borough of Kensington and Chelsea (RBKC) has confirmed that “some data was copied and taken away” during a cyber incident discovered early on Monday, 24 November. Although the council believes the affected information relates to historical data, it has not ruled out the possibility that personal or financial details may be included.
“We still have access to this information; it has not been stolen, but it is possible it could end up in the public domain,” the council said in an updated statement. RBKC added that it is working urgently to identify which records were accessed, with the process expected to take time.
Residents who have purchased services such as parking permits are being urged to double-check their bank accounts and remain alert for suspicious activity.
Shared IT systems causing chain effect
Westminster City Council and Hammersmith & Fulham have also been impacted. Westminster shares core IT infrastructure with RBKC, making it particularly vulnerable. While Westminster has not confirmed a data breach, it continues to experience “ongoing technical issues” and warns that restoring systems safely “will likely take several weeks.”
Hammersmith & Fulham, which left the shared-services arrangement in 2017 but still relies on some legacy systems, reported that archived data from 2006 to 2020 may have been copied. The council says it managed to rapidly isolate its network and currently has “no evidence of compromise,” though it has shut down some public-facing applications as a precaution.
Emergency measures and disruptions
To contain the threat, the councils shut down many of their networks. This has caused “significant disruption” expected to last for weeks.
Across the impacted boroughs, residents are experiencing issues with phone lines, online portals, web forms, and back-office systems. Manual processes have been reintroduced, and some councils have reopened in-person customer service centres for emergency queries only.
RBKC has activated its emergency and business continuity plans, prioritising support for vulnerable residents. The council said it expects at least two weeks of significant disruption while systems are restored.
Residents paying council tax by Direct Debit have been advised that payments will not be collected until systems come back online, and to ensure funds remain available.
Advice from councils: what to do if you’re affected
All affected boroughs are urging residents, service users, and businesses to exercise heightened caution:
- Be wary of unexpected calls, texts, or emails requesting personal or financial information
- Monitor bank statements and card activity
- Report suspicious activity via Action Fraud
- Follow NCSC guidance on protecting personal data during breaches
Counsellor Elizabeth Campbell, leader of RBKC, said that alerting residents early—even before full details are known—was “the right thing to do.” “As a resident myself, I would want to know this information as soon as possible and then be able to take steps to protect myself if necessary,” she added.
With investigations ongoing and system restoration still in early stages, Londoners in the affected boroughs are likely to face continued inconvenience. Councils promise regular updates as more information becomes available.
For now, the priority remains safeguarding essential services, understanding the full extent of the breach, and reducing the risk of further compromise.
