Executive Summary
- The Royal Borough of Kensington and Chelsea, Westminster City Council, and Hammersmith and Fulham are experiencing severe IT disruptions.
- The incident has affected shared services, taking phone lines and online reporting systems offline.
- The National Crime Agency (NCA), National Cyber Security Centre (NCSC), and Metropolitan Police are investigating.
- Cybersecurity experts suggest the incident resembles a ransomware attack, though no group has claimed responsibility.
Three major London councils have been struck by a significant cybersecurity incident that has disabled core services, including telephone lines and digital reporting platforms, according to statements released by local officials. The Royal Borough of Kensington and Chelsea, Westminster City Council, and the London Borough of Hammersmith and Fulham—which operate under a shared IT service framework—confirmed the disruption is impacting their ability to communicate with residents.
A spokesperson for the Royal Borough of Kensington and Chelsea acknowledged the severity of the situation, stating that emergency and business continuity plans have been activated to assist vulnerable residents. The council admitted that officials “don’t have all the answers yet” regarding the scope of the breach. In a formal statement, the council noted it is working in conjunction with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to secure their systems.
The Metropolitan Police’s Cyber Crime Unit has launched an investigation into the incident. Council representatives stated that “at this stage it is too early to say who did this, and why,” emphasizing that their immediate priority is determining whether any sensitive data has been compromised. The Information Commissioner’s Office (ICO) has also been notified of the potential breach, adhering to standard regulatory protocols.
Cybersecurity experts have weighed in on the nature of the disruption. Kevin Beaumont, a cybersecurity specialist, criticized the initial characterization of the event as a general IT incident, suggesting that the pattern is consistent with a ransomware attack targeting a shared services provider. Graeme Stewart, head of Check Point, concurred with this assessment, observing that the outage bears “all the signs of a serious intrusion.” As of the time of reporting, no ransomware groups have claimed responsibility for the attack.
Digital Infrastructure Vulnerability
This incident underscores the systemic risks associated with shared IT infrastructure within the public sector. While pooling technological resources between administrative districts offers fiscal efficiency, it creates a single point of failure that can cascade across multiple jurisdictions, as evidenced by the simultaneous disruption of three distinct boroughs. As the National Cyber Security Centre and law enforcement continue their forensic examination, the focus will likely shift to the resilience of municipal contingency plans and the security protocols of third-party service providers responsible for managing critical civic data.
