Cybersecurity Incident Hits Three London Councils
Three councils in London—Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council (WCC), and Hammersmith and Fulham Council—are diligently addressing a significant cybersecurity incident that has been affecting public services across the capital. This alarming situation, confirmed on the evening of November 25, involves serious Account Takeover Fraud-related cyber issues impacting shared systems among the councils.
Investigation Underway Following Cyber Incident
The RBKC released a statement outlining that both its own and Westminster’s systems fell victim to what is described as a “cyber security issue.” Detection of this incident occurred early on Monday morning, November 24. Consequently, both councils have taken immediate action by reporting the matter to the UK Information Commissioner’s Office (ICO). They are also collaborating with the National Cyber Security Centre (NCSC) and cyber incident response specialists to assess the situation. The councils’ current priorities include safeguarding systems, protecting sensitive data, and restoring vital services.
The initial sign of trouble arose around midday on November 24, when RBKC tweeted about “system issues” affecting online services. By Tuesday morning, the situation was clarified, with officials labeling it a “serious IT issue” that caused broader service disruptions as investigations progressed.
Service Interruptions and Communication from Authorities
WCC announced that their computer networks would be temporarily disabled as a precautionary measure. They issued an apology to residents for the disturbance while stressing that swift actions were necessary to mitigate further impacts. “We are taking swift and effective action to bring all our systems back online as soon as possible,” noted the council’s website, providing emergency contact numbers for urgent matters.
In the wake of this cyberattack, Hackney Council also circulated an internal warning, informing staff that multiple councils across London were being targeted within the past 24 to 48 hours. The borough has escalated its internal cyber threat level to Critical, recalling its experience from a significant attack in 2020 that had consequences for many residents and staff members.
Ongoing Threat Assessments and Actions
Hammersmith and Fulham Council reported responding to a serious cybersecurity incident. However, they indicated that there’s currently no evidence of a breach to their systems. Various IT systems, online platforms, and phone lines across the affected boroughs continued to experience disruptions. To ensure the continuity of essential services, the councils activated emergency plans that prioritized support for vulnerable residents. Additional staff members have been assigned to handle phone lines and emails while restoration efforts are underway.
Investigation into Data Security Risk
Both RBKC and WCC have acknowledged that it is too early to ascertain the root cause or the extent of the attack, including whether personal data might be at risk. Officials are investigating to determine if techniques associated with Account Takeover Fraud or other targeted attacks were employed. “We don’t have all the answers yet,” RBKC stated, “but we understand the concerns of our residents and will provide updates as we learn more in the coming days.”
The IT teams worked throughout Monday night implementing various mitigation measures, and officials are remaining vigilant against any potential follow-up attacks.
Monitoring by National Agencies
The National Cyber Security Centre is aware of the incident and is actively working to assess the potential impact. They are providing essential support to local authorities to manage the ongoing threat effectively.
Furthermore, the Metropolitan Police Cyber Crime Unit confirmed they have received a referral from Action Fraud regarding the suspected cyber-attack on multiple London councils. The inquiry remains in its early stages, and no arrests have been reported so far.
All affected councils have apologized for the inconvenience caused and are advising residents to anticipate delays when accessing certain services. They committed to providing further updates as the recovery process continues, encouraging residents with specific concerns about Westminster or Hammersmith and Fulham to reach out directly to those councils.
