Multiple London Councils Hit by Cyber Attack, Services Disrupted

Major Cyber Incident Affects London Local Authorities

Multiple London councils, including the Royal Borough of Kensington and Chelsea (RBKC) and Westminster City Council (WCC), are grappling with the fallout from a significant cyber attack that was first identified on Monday, November 24, 2025. The incident has led to widespread disruption of IT systems and essential services across the affected boroughs. The London Borough of Hammersmith and Fulham (LBHF), which shares some IT services with RBKC and WCC, has also been impacted.

Disruption to Services and Data Concerns

The cyber security issue has caused considerable disruption, affecting a 'number of systems' across the organizations, including critical phone lines. In response, councils have activated their business continuity and emergency plans, reallocating resources to manage the incident and ensure the delivery of critical services, particularly to vulnerable residents. Westminster City Council proactively shut down its computer networks as a precautionary measure.

A primary concern is the potential compromise of resident data. Both RBKC and WCC have informed the Information Commissioner's Office (ICO), a standard procedure when data may have been affected. A joint statement from RBKC and WCC noted, 'At this stage it is too early to say who did this, and why, but we are investigating to see if any data has been compromised – which is standard practice'.

Coordinated Response and Ongoing Investigation

The affected councils are working closely with specialist cyber incident experts and the National Cyber Security Centre (NCSC), part of the GCHQ intelligence agency, to protect systems and data, restore functionality, and maintain public services. The Metropolitan Police's Cyber Crime Unit has also launched an investigation following a referral from Action Fraud on November 24.

While the exact nature of the attack has not been fully disclosed, experts suggest it bears 'all the signs of a serious intrusion'. Graeme Stewart, head of public sector at Check Point, was quoted saying, 'What's happening here has all the signs of a serious intrusion: multiple boroughs knocked offline, shared infrastructure exposed, and urgent internal warnings telling staff to avoid emails from partner councils'.

Wider Implications for London Councils

The incident has prompted a heightened state of alert across other London boroughs. Hackney Council, while not directly affected by this specific attack, raised its internal cyber threat level to 'critical' after receiving intelligence that multiple London councils had been targeted within a 24-48 hour period. This follows a separate major cyber attack on Hackney Council in October 2020, which resulted in significant data breaches and service disruptions.