The Royal Borough of Kensington and Chelsea (RBKC) in west London has activated its emergency protocols in response to a cyber attack.
Reports indicate that this same incident, which is under investigation by the National Crime Agency and the Cyber Security Centre of GCHQ, has also impacted Westminster City Council and Hammersmith and Fulham Council due to their collaborative agreements.
RBKC has confirmed that it has “identified the cause of the cyber incident” and, in certain situations, has recommended that employees work from home.
Cybersecurity specialist Nathan Webb informed the BBC that there is a “chance that personal data may have been compromised” and advised residents in the affected boroughs to exercise caution.
He further remarked that “attackers often leverage public awareness of attacks to target victims more effectively, so any communications related to the incident should be approached with care.”
In a statement, RBKC confirmed that it had notified the Information Commissioner’s Office.
An internal memo from RBKC, obtained by the Local Democracy Reporting Service (LDRS), reveals that the council is maintaining some of its network systems offline as a “precautionary measure.”
The memo indicates that staff still have access to guest wi-fi and mobile hotspots in council offices; however, a complete restoration of all affected systems is not anticipated “for several days.”
It also calls on staff to “remain alert.”
Mr. Webb, a principal consultant at Acumen Cyber, emphasized the need to identify the organization associated with the impacted systems so that “its other clients can take measures to secure their own systems.”
The online security expert expressed approval that the councils had activated their emergency response plans but noted, “Until the extent of the incident and the systems affected are determined, we cannot gauge how long remediation will take or which council services might be impacted.”
A representative from RBKC conveyed to the BBC: “Our IT department has worked throughout the night this week and has now determined the cause of a cyber incident first recognized on Monday.”
They added: “At this stage, we will not be providing further details on the incident as the investigation is ongoing.”
The council mentioned that some systems, including phone lines, remain disrupted due to the attack but have provided alternative contact numbers on their website.
The spokesperson noted: “Our website is undergoing scheduled maintenance related to ongoing incident management, so some pages may be intermittently available today, and residents may not be able to access online forms. We are diligently working to restore services.”
RBKC informed the LDRS that it prioritizes cybersecurity, investing over £12 million each year in IT and security systems.
Rik Ferguson from cybersecurity firm Forescout remarked that the incident underscores how “organizations often lack complete control over their cyber risks.”
He elaborated that companies are “sharing” the risks with others to whom they are digitally connected.
“Such attacks can exploit the financial and operational interdependence of organizations, potentially transforming a breach at one into a widespread crisis affecting the entire sector or local authority,” he added.
BBC Specialist Hub’s cyber correspondent Joe Tidy noted that while the exact nature of the cyber attack on RBKC remains unclear, the response taken suggests “a very serious situation typically reserved for major incidents.”
“The council has evidently made the difficult choice to disconnect servers or services from the internet to prevent hackers from infiltrating the system further,” he remarked.
“We observed a similar strategy implemented by the Co-op supermarket chain earlier this spring.
“While an extreme measure, cutting off the connection to hackers from systems can often be prudent. However, as witnessed with the Co-op, the hackers had already gained access and stolen private data from 6.5 million individuals by the time the disconnection occurred.”
Additional reporting by Adrian Zorzut, Local Democracy Reporting Service.
