The Royal Borough of Kensington and Chelsea (RBKC) has activated emergency measures following a significant cyber attack affecting its digital systems. The attack, currently under investigation by the National Crime Agency and GCHQ’s Cyber Security Centre, has also impacted Westminster City Council and Hammersmith and Fulham Council through joint operational arrangements.
RBKC confirmed that the cause of the incident has now been identified and, in some cases, staff have been advised to work from home to limit potential exposure. The council is continuing to assess the extent of the disruption, with some systems, including phone lines, still affected. Alternative contact numbers have been provided on the council’s website, which is itself undergoing maintenance linked to the incident.
Cyber-security expert Nathan Webb told the BBC that personal data “may have been compromised” and urged residents to be cautious about any correspondence relating to the breach. He added that attackers often exploit media coverage of such incidents to target victims further, highlighting the need for vigilance.
An internal RBKC memo seen by the Local Democracy Reporting Service (LDRS) indicates that parts of the council’s network remain closed as a precaution. Staff can still access guest Wi-Fi and mobile hotspots in council offices, but the full restoration of systems is not expected “for some days”. Employees have been reminded to “remain vigilant” while the situation develops.
Webb, principal consultant at Acumen Cyber, emphasised the importance of identifying the organisation behind the compromised systems. “Until we know more about the scale of the incident, and what systems have been impacted, we won’t know how long it will take to mitigate, or which, if any, council services are affected,” he said.
RBKC spokesperson confirmed to the BBC that IT teams had worked overnight to establish the cause of the attack, first detected on Monday. The council is withholding further details while the investigation continues. “Our website is undergoing planned maintenance relating to ongoing management of the incident, so some pages may be in and out across the day and residents may not be able to use our online forms. We are working hard to bring services back online,” the spokesperson added.
The council also stressed its commitment to cybersecurity, noting that it spends over £12 million annually on IT and security measures. Rik Ferguson, from cyber security company Forescout, said the attack highlights how “organisations are seldom in control of their cyber risk” and often share that risk with digitally connected partners. Breaches can therefore escalate from one organisation to affect an entire sector or network of institutions.
BBC Specialist Hub cyber correspondent Joe Tidy suggested the scale of RBKC’s response indicates a serious incident. The council has disconnected servers and services from the internet to prevent further access. “Although an extreme and blunt move, it is often wise to sever the connection of hackers to systems,” Tidy said, referencing a similar approach taken by the Co-op earlier this year, which nevertheless resulted in the theft of private data affecting millions of people.
Residents in the affected boroughs are advised to stay alert and follow guidance from the council. While emergency response measures are in place, the full impact of the cyber attack and the timeline for restoring normal services remain uncertain.
