Three London councils are responding to a major cybersecurity incident that has disrupted public services and triggered alerts across the capital.
The Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council (WCC), and Hammersmith and Fulham Council confirmed on Tuesday evening (November 25) that they were investigating a serious Account Takeover Fraud–related cyber issue affecting shared systems.
The situation has raised concerns as local authorities increase monitoring and coordinate with national agencies to understand the scale of the London councils cyberattack.
London Councils Confirm Cybersecurity Incident
RBKC issued an official statement revealing that both its systems and those of Westminster City Council were impacted by what it described as a “cyber security issue.” The London councils cyberattack incident, detected early on Monday morning (November 24), prompted both councils to notify the UK Information Commissioner’s Office (ICO) and work closely with the National Cyber Security Centre (NCSC) and specialist cyber incident responders.
Officials said the focus remains on securing systems, protecting data, and restoring essential services.
The first public indication of disruption came when RBKC posted on X around 1pm on Monday, warning of “system issues” affecting online services. By Tuesday morning, the council described the situation as a “serious IT issue,” confirming wider service interruptions as investigations continued.
WCC issued a similar update, explaining that its computer networks were temporarily shut down as a precaution. The council apologised to residents for the inconvenience but emphasised that immediate action was necessary to prevent further impact. “We are taking swift and effective action to bring all our systems back online as soon as possible,” the council stated on its website. Emergency contact numbers were provided for urgent issues.
Multiple London Authorities Heighten Threat Levels
In the wake of the London councils cyberattack, Hackney Council circulated an internal “urgent communication,” warning staff that intelligence indicated multiple London councils had been targeted by cyberattacks within the last 24 to 48 hours. As a result, the borough escalated its internal cyber threat level to Critical. Hackney officials have experience responding to major cybersecurity incidents, following a severe attack in 2020 that affected hundreds of thousands of residents and staff.
Hammersmith and Fulham Council also reported that it had responded to a serious cybersecurity incident, although the local authority stated that, so far, there was no evidence that its systems had been breached.
Across the affected boroughs, several IT systems, online portals, and phone lines remain disrupted. To maintain essential services, councils activated business continuity and emergency plans, prioritising support for vulnerable residents. Additional staff have been assigned to monitor phone lines and emails while restoration work continues.
Authorities Investigating Potential Data Exposure
RBKC and WCC noted that it is still too early to determine the root cause, the extent of the incident, or whether any personal data has been compromised. However, officials confirmed that investigations are underway to determine whether the attack involved techniques similar to Account Takeover Fraud or other targeted compromise attempts.
“We don’t have all the answers yet,” RBKC said, “but we know people will have concerns, so we will be updating residents and partners further over the coming days.”
Council IT teams worked overnight on Monday to apply several mitigation measures, and officials said they remain vigilant for any potential follow-up attempts.
National Agencies Monitoring the Situation
A spokesperson for the National Cyber Security Centre confirmed awareness of the incident and said the agency is “working to understand any potential impact.” The NCSC continues to support local authorities in managing the wider threat.
The Metropolitan Police Cyber Crime Unit also confirmed it received a referral from Action Fraud on Monday following reports of a suspected cyber-attack against several London borough councils. “Enquiries remain in the early stages,” a spokesperson said, adding that no arrests have been made so far.
All affected councils apologised for the disruption and urged residents to expect delays in accessing some services. They also committed to providing further updates as system recovery progresses. For concerns related to Westminster or Hammersmith and Fulham, residents were advised to contact those authorities directly.
