Four London councils have been hit by cyber attacks in the past few days.
Kensington and Chelsea; Hackney; Westminster; both Hammersmith and Fulham experienced problems with their IT systems, and some services to the public, including telephone line services, were also affected.
Royal Borough of Kensington and Chelsea and Westminster City Council published a statement yesterdayconfirming that they are responding to the safety issue.
They said they are collaborating with National Cyber Security Center to protect systems and data, restore systems, and maintain critical services to the public.
They said their IT teams worked through the night from Monday to Tuesday, November 24-25, and “successful mitigation measures were implemented.”
The councils say they have informed Information Commissioner's Officein accordance with all relevant protocols. “We do not have all the answers yet as the investigation into this incident is still ongoing,” they added. “At this stage it is too early to say who did this or why, but we are investigating to see if any data was compromised.”
The attacks were first reported by the newspaper BBC. Hackney Council said it had raised the cybersecurity threat level to “critical” and called on staff to help protect residents' data, while Westminster City Council said people were struggling to contact it.
Precautions
The two councils share IT services with Hammersmith and Fulham. He has said: “We continue to take precautions to test, isolate and secure our networks. We are working to resolve the issue as quickly as possible and apologize for the inconvenience.”
Cybersecurity experts from the IT industry reached out to Computer Weekly for comment. John Abbott, co-founder and CEO of cybersecurity controls provider ThreatAware, said: “Local councils manage mission-critical functions and store a wealth of personal data, from tax records to personal IDs, making them attractive targets for cybercriminals. That's why it's so important to have security basics in place.
“This data is very sensitive, which increases the likelihood of serious consequences if it is breached,” he said. “Cyber attacks on such organizations not only result in data loss, but can also undermine public trust.
“Many councils operate under tight budget constraints, limiting their ability to invest in the latest cybersecurity technology or even maintain sufficient staffing levels for their IT security teams.”
Megha Kumar, director of product at cybersecurity consulting firm CyXcel, pointed to a likely point of attack.
“Initial evidence suggests that the entry point was through the common IT infrastructure used by the three-borough agreement,” she said. “Experts believe the attackers used stolen credentials or similar methods to move laterally between interconnected systems, a common risk when multiple organizations use the same core platform.
“This incident shows that shared services that save money can create single points of failure,” Kumar added. “This incident once again highlights that hackers are targeting the weakest link in an organization’s cybersecurity, and increasingly, that is their supply chain.”
Spencer Starkey, executive vice president of SonicWall EMEA, said: “Cyber-attacks in 2026 will increasingly attempt to undermine public trust in digital government services by targeting UK government agencies. Local authorities with legacy systems and where IT teams are already struggling with budgets face ongoing attacks aimed at disrupting essential civic services. These attacks will have a second-order impact, slowing down the delivery of services to millions of people and creating long-term administrative delays that will exceed all expectations.
In this case, if residents' data is compromised, it could be used for phishing attacks and scams such as fuel payment scams, especially as winter approaches.
“While the decision to shut down networks was a precautionary measure to mitigate the impact, this type of action is possible without shutting down vital services on which thousands of people depend. We need to reach a point where organizations in both the public and private sector can contain and withstand cyber attacks with minimal disruption to operations.”
And Rob Demaine, CEO of managed threat detection service provider e2e-assure, said: “As three London councils were affected at the same time, the most plausible explanation is that a common service provider was compromised, rather than each council being individually attacked. When outages affect multiple organizations at the same time, it often points to an MSP or other common provider as the root cause.”
London councils are just the latest local government target area for cyber attacks. Earlier this year Oxford City Council it was revealed that hackers gained access to the personal information of election officials from 2001 to 2022.
