Trio of authorities serving residents in west and central London have all issued updates, including warning that citizens should be vigilant after the discovery of evidence that data was copied
Inner London councils affected by a significant cyber incident last week have revealed evidence of a data breach and warned residents that full recovery of services and operations could take weeks.
The local authorities for Westminster, the Royal Borough of Kensington and Chelsea (RBKC), and Hammersmith and Fulham (H&F) all indicated that they had been affected by the incident. The former two councils – who are the principal partners in an IT shared-services agreement – are the primary victims of the incident, while the latter, which left the joint arrangement in 2017, has also been impacted to a degree.
Kensington and Chelsea has now announced that “we can confirm that we are now investigating a data breach” – and also, for the first time, described the incident as “a cyberattack”.
“We have now obtained evidence on our systems that shows some data has been copied and then taken away,” said a statement from the council. “At this moment in time, we believe the breach only impacts historical data. It is important to say we still have access to this information, it has not been stolen, but it is possible it could end up in the public domain. As a priority we are checking if this contains any personal or financial details of residents, customers, and service users – but this will take some time.”
During which time, all local residents and other RBKC service users are advised by the council “to be extra vigilant when called, emailed or sent text messages”.
“If you have bought something from us, for example a parking permit, our advice would be to make sure bank and card details are safe and secure, and be vigilant,” the council said.
The authority’s statement warned that, while citizen services are still being provided, it expects “at least two weeks of significant disruption” to delivery.
Westminster, meanwhile, has not given any indication its data was breached but announced on Friday that it is now working closely with its shared-services partner “in order to assess what impact [their data breach] may have on Westminster”.
The central London authority echoed RKBC’s warning that recovery from the incident will take time.
“Restoring systems safely is a complex process,” it said, in an online FAQ document. “It will likely take several weeks to return to full business as usual. Our priority is to do this securely and protect the integrity of all systems so we can continue to deliver services to our residents.”
The document added that “most council services are running, but some may experience delays; we are prioritising critical services, especially for vulnerable residents”.
Related content
- Cybercrime: One in every 1,000 CMA offences were charged in FY25
- Capita given penalty £14m over cyberattack despite urging ICO to apply non-fining public-sector approach
- Central London boroughs seek IT chief to develop joint strategy
The latest update from H&F is clear in its description of the attack as “a cybersecurity incident in a neighbouring council”.
The potential impact to Hammersmith stems from the fact that the authority “shares some legacy systems with” the affected boroughs.
The council said: “We have been informed by the neighbouring council that some archived 2006-2020 data may have been copied but not lost.”
It added: “We quickly identified the risks. We were able to successfully isolate and safeguard our network. We are continuing to undertake a series of enhanced security measures and carefully investigate the impacts on all our systems and services. Currently, there is no evidence of our H&F systems being compromised.”
Despite this, H&F has “as a precautionary measure… temporarily suspended some public-facing applications”, including the ‘My Account’ service for residents to access services.
Experts from the National Cyber Security Centre are supporting the affected councils in responding to the incident.
In an update released two days after the breach was discovered, a statement from RKBC said that the borough had “established the cause of [the] cyber incident… [but] we will not be giving out further details of the incident at this stage because the investigation is continuing with the National Crime Agency and NCSC”.
All three of the affected boroughs are in inner London, with Westminster being home to many of the capital’s most recognisable streets and landmarks, including the Houses of Parliament, Oxford Street, Buckingham Palance and Trafalgar Square. Between them, the three boroughs are home to about 550,000 citizens.
