At least three London local authorities are struggling with a cyberattack that has paralysed networks, disrupted phone lines, and prompted emergency procedures. Kensington and Chelsea and Westminster — which share some IT systems — issued a statement saying work to recover was their “main priority,” and they were working with partner agencies to do so. Hammersmith & Fulham also said the cyberattack had caused “major disruption.”
What We’re Learning as Councils Contain the Fallout
Officials say they have been able to contain some of the fallout by isolating systems and shifting to manual processes where possible. The councils have not detailed the nature of the attack or who is behind it; however, they said in a statement that vital services continue to be carried out through business continuity plans.
- What We’re Learning as Councils Contain the Fallout
- Services Impacted and Contingencies for Affected Councils
- Investigation and Attribution Efforts Following the Attack
- Why Council Systems Are High-Value Targets for Criminals
- Recent UK Precedents and Costs from Council Attacks
- Guidance for Residents and Businesses During Disruptions
- What Comes Next in Recovery and Restoring Council Services
Kensington and Chelsea said the incident was now believed to be an accident, but added it would not provide further comment at this stage of the investigation with U.K. law enforcement.
All affected authorities said they are investigating to determine whether personal data was compromised, which would influence any reporting to the Information Commissioner’s Office.
Services Impacted and Contingencies for Affected Councils
Public-facing phone lines and online portals are among the systems suffering outages or degradation, which is having an impact on routine activities such as housing enquiries, council tax and benefits queries, and appointment booking. Residents have been told to use emergency contact routes only for emergencies until temporary channels are stood up.
Street-level work such as waste collection may carry on during IT incidents, while back-office casework and payments might slow as staff revert to paper-based or offline processes. Mutual-aid arrangements are often called upon by councils to share capacity and expertise, an approach that has enabled social care and homelessness support to operate during previous cyber incidents.
Investigation and Attribution Efforts Following the Attack
Specialist teams are carrying out a forensic review to establish how the attackers managed to get into the servers, what they saw, and whether any data was taken. Both mayors have also returned to the official stock responses, which are: we’re not going to speculate publicly on attribution while we focus on containment and evidence collection (the advice of the National Cyber Security Centre) — which, as defence strategies go, appears at least half effective given what is known or unknown about the attacks so far.
Most recent U.K. public-sector incidents have involved ransomware, which is a type of malware that encrypts data or systems until a victim pays up, and so-called double extortion, in which criminals both encrypt systems and threaten to leak stolen data. In the event data theft is discovered, law enforcement are to be contacted and given access to affected account information, and victims are to be informed about their rights and what tools are available to them to stop continuing abuse.
Why Council Systems Are High-Value Targets for Criminals
Local authorities hold all manner of sensitive datasets from social care to housing, and revenues and benefits through to electoral services — making them a goldmine for cyber criminals. Tight budgets, legacy platforms, and complex supplier ecosystems are all risk factors; and in shared-service arrangements one breach can straddle multiple bodies.
Supply chain exposure has been a common theme. The highly publicised 2023 breach at outsourcing company Capita that impacted a host of local authorities and pension schemes demonstrated how third-party breaches can ripple into the public sector even when council networks themselves have not been breached directly.
Recent UK Precedents and Costs from Council Attacks
The financial and operational costs of council cyberattacks can be devastating. Redcar and Cleveland Borough Council said it had cost the authority approximately £10.4 million following one such attack in 2020, which saw several months of service disruption and rebuild work. The 2020 ransomware attack on Hackney Council ended up costing the local authority more than £12 million and had a long-lasting impact on its housing services and planning systems.
Other government bodies, including Gloucester City Council, have taken months to fully restore services from cyber incidents, highlighting that recovery frequently requires rebuilding infrastructure, verifying data integrity, and hardening networks — not just decrypting files or applying backups.
Guidance for Residents and Businesses During Disruptions
Residents are warned to beware of phishing emails, texts, and similar messages that may purport to be from council staff asking them to “verify” account details or make urgent payments. Genuine messages will not request full bank details or a password. Keep a record of any urgent requests where online portals are down, and go through usual channels once they’re back up.
Suppliers and businesses that provide services for the impacted councils should check their own log-ins, change passwords, and look out for suspicious activity on other company web portals or email accounts. The NCSC advises turning on multi-factor authentication and reviewing remote access policies after any breach via a partner.
What Comes Next in Recovery and Restoring Council Services
Look for applications to be restored in phases, with essential services coming back first and lower-risk systems following after security reviews. The councils announced that updates would be provided as the forensics continued. Concurrently, internal investigations and the involvement of external incident-response experts are likely to shape longer-term investments in resilience across common IT estates.
This incident will put even more pressure on local government to speed up patching, network segmentation, and offline recovery testing at scale. The NCSC and Local Government Association have long called on councils to invest in cyber hygiene and supplier risk management — an appeal that takes on renewed meaning as multiple London boroughs work to restore services safely.