Three London borough councils—Kensington and Chelsea, Westminster, and Hammersmith & Fulham—are responding to a significant cyber incident that has forced officials to shut down internal networks, suspend phone systems, and activate emergency continuity plans. While essential public services remain operational, online portals and communication channels are severely impacted. The councils have not disclosed the nature of the attack, and investigations involving UK law enforcement are ongoing.

Local government bodies in the UK manage critical services such as housing, waste collection, social care, and public assistance programs. Their IT systems store sensitive personal information and support essential operations. Due to constrained budgets, aging infrastructure, and reliance on third-party providers, local authorities increasingly face cybersecurity pressures similar to those seen in healthcare and education sectors.

The London boroughs of Kensington and Chelsea and Westminster share a joint IT environment, meaning disruptions can quickly cascade across boundaries. Hammersmith & Fulham operates separately but confirmed it is experiencing related impacts.

Officials confirmed widespread network disruptions affecting:

In response, councils activated emergency protocols aimed at maintaining core services for residents—including social care, housing support, and frontline operations.

Kensington and Chelsea reported that the cause of the cyberattack has been “established,” but withheld further details due to active investigations with UK law enforcement and cybersecurity specialists. No council has yet confirmed whether data was stolen.

While specific indicators of compromise have not been released, the operational impact is consistent with:

Councils’ decision to suspend access suggests defenders are attempting to contain lateral movement, preserve forensic evidence, and prevent further compromise.

The attack affects three densely populated London boroughs, creating:

If data was accessed or stolen, the long-term impact on residents could include risks such as fraud, identity misuse, and targeted scams.

Local governments manage some of the most sensitive citizen information but often operate with limited cybersecurity resources. Joint-service environments, while cost-effective, broaden potential blast radius when attackers gain access.

The incident underscores the growing frequency and sophistication of attacks targeting municipal systems across Europe and the UK.

Cybersecurity analysts note that while law enforcement involvement suggests a serious incident, councils’ reluctance to disclose details indicates a careful balance between transparency and operational security.

Experts emphasize that: