Three boroughs near the heart of the capital have shut down some systems warned local residents that services may be impacted for the foreseeable future in light of apparent attack
Services and systems across three inner London borough councils have been taken down by a cyber incident.
Authorities representing Westminster, the Royal Borough of Kensington and Chelsea (RBKC), and Hammersmith and Fulham (H&F) yesterday all announced that they had been affected by the issue.
Westminster and RBKC are the principal partners in a long-standing IT shared services arrangement, while H&F – although it formally departed a tri-borough agreement with the other two councils in 2017 – also continues to use of these aggregated services.
H&F issued a brief update on its website stating that the authority is “continuing to take precautionary measures to review, isolate and protect our networks [and] are working to fix the problem as quickly as possible and we apologise for the inconvenience”.
A temporary header on RKBC’s website currently says that the organisation is “experiencing a cyber incident affecting a number of services”, while Westminster’s site instructs visitors that “due to a cybersecurity issue, we’ve temporarily shut down our computer networks as precaution”.
In a much longer joint statement, the core shared-service partners of Westminster and RKBC said that “we know a number of systems are impacted across both organisations, including phonelines”.
The two councils said they are “diverting more resources to manage this incident and monitor emails and phone lines, and the councils have invoked business continuity and emergency plans to ensure we are still delivering critical services to residents, focusing on supporting the most vulnerable”.
Related content
- Cybercrime: One in every 1,000 CMA offences were charged in FY25
- Capita given penalty £14m over cyberattack despite urging ICO to apply non-fining public-sector approach
- Central London boroughs seek IT chief to develop joint strategy
Residents with urgent issues were pointed towards emergency phone line numbers and were warned that there is likely to be ongoing “delays in responses and the services we provide over the coming days”.
“Today we are letting partners and residents know what has happened, we are informing the Information Commissioners’ Office, in line with following all the relevant protocols,” the statement added. “We don’t have all the answers yet, as the management of this incident is still ongoing. But we know people will have concerns, so we will be updating residents and partners further over the coming days. At this stage it is too early to say who did this, and why, but we are investigating to see if any data has been compromised – which is standard practice. Our IT teams worked through the night [on Monday] and a number of successful mitigations were put in place, and we remain vigilant should there be any further incidents or issue.”
As well as the affected authorities’ own technology staff, experts from the National Cyber Security Centre are also supporting incident response, according to Westminster and RBKC.
“We will continue working with our cyber specialists and the NCSC to restore all systems as quickly as possible, and we will be in touch with more information as it becomes available,” the councils added. “If there are any further changes to services, we endeavour to keep everyone updated.”
All three of the affected boroughs are in inner London, with Westminster being home to many of the capital’s most recognisable streets and landmarks, including the Houses of Parliament, Oxford Street, Buckingham Palance and Trafalgar Square.
Between them, the three boroughs are home to about 550,000 citizens.
