A suspected cyberattack has severely disrupted IT systems across three central London councils, impacting vital public services and communications.
Quick Summary – TLDR:
- Kensington and Chelsea, Westminster, and Hammersmith and Fulham councils have all been hit by a cybersecurity incident.
- The attack has affected shared IT infrastructure, including phone lines and online services.
- Emergency plans have been activated to maintain critical services while investigations continue.
- Authorities are working with the National Cyber Security Centre and have notified the Information Commissioner’s Office.
What Happened?
A coordinated cyberattack is believed to have targeted shared IT systems used by the Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council (WCC), and the London Borough of Hammersmith and Fulham (LBHF). The incident, identified on Monday, led to widespread IT outages, forcing the councils to invoke emergency protocols to ensure essential services remained operational.
Authorities say it is too early to determine who was behind the attack or their motives, but they are investigating whether any personal data has been compromised.
We are aware of an issue which will affect your ability to contact us, either via our contact centre, or online through services such as Report It. We apologise for any inconvenience caused and are communicating with our partners to understand when we should expect services to… pic.twitter.com/k27eMY4JwA
— Westminster City Council (@CityWestminster) November 25, 2025
Impacted Councils Take Emergency Action
Both RBKC and WCC acknowledged that many systems were affected, including their phone lines and online services. The councils jointly stated they are working with specialist cyber incident experts and the National Cyber Security Centre (NCSC) to contain the incident and restore services.
In a shared statement, the councils said:
Key measures taken include:
- Diverting additional resources to manage public communications.
- Invoking business continuity plans to maintain critical services.
- Notifying the Information Commissioner’s Office (ICO) about the potential data breach.
The London Borough of Hammersmith and Fulham, which shares parts of the same IT infrastructure, described the issue as a “serious cybersecurity incident”. It has taken precautionary steps to isolate its networks and issued warnings to staff about email and chat communications.
An internal memo advised employees:
Metropolitan Police and ICO Involved
The Metropolitan Police Cyber Crime Unit is now involved following a referral from Action Fraud. The investigation is still in its early stages and no arrests have been made.
The ICO’s involvement further signals the potential seriousness of the breach, suggesting that sensitive resident or staff data may have been at risk. Cybersecurity expert Nathan Webb noted that informing the ICO typically means “there is a possibility personal data may have been compromised.”
He also warned residents and council staff to be alert:
History of Previous Attacks Raises Concerns
This incident has triggered memories of the 2020 Hackney Council cyberattack, which exposed the data of over 280,000 residents and encrypted 440,000 files. Hackney is not directly affected this time but has raised its cybersecurity threat level to ‘critical’ and warned its staff of potential phishing and social engineering attempts.
Mayor of London Sadiq Khan acknowledged the growing cyber threats, stating:
SQ Magazine Takeaway
This one hits close to home. When councils serving over half a million Londoners are taken offline by a cyberattack, it’s not just about websites going down. It affects real people who need real services. From housing support to emergency contact lines, these are critical lifelines. What’s even more troubling is how interconnected our public digital infrastructure has become, meaning one weak point can trigger a domino effect. I’m glad to see a swift response, but this is another loud wake-up call. We need more than patches and apologies, we need resilient systems built for a world where digital threats are only getting smarter.
