Multiple London Councils Hit by Coordinated Cyberattack, Services Disrupted
Published on November 27, 2025
Key Takeaways
- Multi-council impact: A cyberattack has affected at least three London councils: the RBKC, Westminster City Council, and Hammersmith and Fulham Council.
- National investigation: The incident is being investigated by the National Crime Agency (NCA) and GCHQ's National Cyber Security Centre (NCSC).
- Service disruption: The attack has caused disruptions to council systems, including phone lines, and prompted RBKC to advise staff to work away from council offices.
A significant cyber incident has impacted the shared IT services of several West London councils, leading to service disruptions and a high-level investigation. The Royal Borough of Kensington and Chelsea (RBKC) confirmed the attack, which also affects two councils due to their joint IT arrangements.
Investigation and Data Breach Concerns
The London council cyberattack is now under investigation by both the National Crime Agency and GCHQ's National Cyber Security Centre, affecting the:
- Royal Borough of Kensington and Chelsea (RBKC),
- Westminster City Council,
- Hammersmith and Fulham Council.
RBKC has confirmed that it has established the cause of the incident and has informed the Information Commissioner's Office (ICO), a standard procedure when personal data may be at risk, according to the BBC.
“Personal data may have been compromised," cybersecurity expert Nathan Webb, principal consultant at Acumen Cyber, told the BBC.
While the full extent of the Westminster council data breach and the Hammersmith and Fulham cyber breach is not yet known, Webb urged residents to be vigilant for any suspicious correspondence related to the incident.
Operational Impact and Expert Analysis
The attack has disrupted some council systems and phone lines, and RBKC has directed residents to alternative contact numbers on its website. An internal memo indicated that a full restoration of all systems may take several days.
In response to the RBKC cyber incident, the council has activated its emergency plans to maintain critical services but advised staff to work remotely as a precautionary measure while parts of its network remain closed.
This cascading impact of supply chain attacks within public sector services was seen recently in several incidents, including the CrowdStrike npm packages incident and the SitusAMC cyberattack that exposed major banks’ customer data.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular