Cyberattack disrupts IT Systems across three London councils
Learn More
The Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council (WCC), and the London Borough of Hammersmith and Fulham (LBHF) are experiencing significant service disruptions after a cybersecurity incident that occurred on Monday.
The attack has impacted multiple systems, including phone lines and online services, preventing residents from contacting the authorities through normal channels. According to security expert Kevin Beaumont, the incident appears to be a ransomware attack targeting a services provider used by all three councils.
RBKC and WCC share IT infrastructure as part of joint service arrangements. Together, RBKC and WCC provide services to approximately 360,000 residents. Although LBHF was not directly impacted by the initial attack, the council implemented enhanced isolation measures to safeguard its networks, which resulted in business disruptions for the 180,000 residents it serves.
The councils have shut down several computerized systems to limit further damage and are working with cyber incident experts and the National Cyber Security Centre.
The nature of the attack, any data has been compromised and number of affected individuals are not disclosed. RBKC has informed the UK Information Commissioner's Office (ICO) about the incident.
The councils have committed to providing regular updates to residents and partners as more information becomes available.
Update - as of 29th of November 2025, the councils report that the attackers accessed and stole approximately 440,000 files. The number of affected individuals is still not disclosed.
As of 17th of December 2025, Westminster City Council confirms that unauthorized third parties copied some council data from the shared IT environment during the incident. The stolen data may may contain sensitive and personal information, but no details are disclosed. The council is investigating with law enforcement and cyber security agencies.
As of 7th of January 2026, The Royal Borough of Kensington and Chelsea Council reports that the incident exposed the personal details of hundreds of thousands of residents but did not disclose a specific number. The stolen data potentially contained sensitive information that criminals could exploit for targeted scams and social engineering. The council has warned residents to be careful of phishing attempts, suspicious communications, and anyone impersonating council officials requesting sensitive information.
