A sophisticated cyberattack has allegedly compromised sensitive data from the Royal Borough of Kensington and Chelsea (RBKC), sparking a major security breach. It is believed that the attack was carried out by state-sponsored hackers, who successfully infiltrated the council’s systems and extracted data concerning approximately 147,500 residents.
While the full scope of the breach remains unclear, the RBKC IT team has not yet confirmed whether highly sensitive details, such as financial information, were specifically accessed or stolen. However, there are concerns that the attackers may have copied the data in an encrypted form, which could potentially include payment details or other personal information.
In response to the breach, the National Cyber Security Centre (NCSC) has been called in to investigate. This follows a series of complaints received by the Action Fraud Centre from concerned residents. As a precaution, law enforcement agencies have urged the public to be particularly cautious when receiving unsolicited links through emails or text messages, and to regularly monitor their bank statements for any unusual activity.
The cyberattack appears to be part of a larger wave of incidents, with both the Westminster City Council and the Borough of Hammersmith and Fulham also reporting similar breaches of their servers. These attacks have caused significant disruption, including partial outages in essential communication services, such as phone lines between local coun
Royal Borough of Kensington and Chelsea cybersecurity rating report: https://www.rankiteo.com/company/royal-borough-of-kensington-and-chelsea
"id": "ROY1764576073",
"linkid": "royal-borough-of-kensington-and-chelsea",
"type": "Cyber Attack",
"date": "12/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'incident': {'affected_entities': [{'customers_affected': '147,500 residents',
'industry': 'public administration',
'location': 'London, UK',
'name': 'Royal Borough of Kensington and '
'Chelsea (RBKC)',
'size': None,
'type': 'local government council'},
{'customers_affected': None,
'industry': 'public administration',
'location': 'London, UK',
'name': 'Westminster City Council',
'size': None,
'type': 'local government council'},
{'customers_affected': None,
'industry': 'public administration',
'location': 'London, UK',
'name': 'Borough of Hammersmith and '
'Fulham',
'size': None,
'type': 'local government council'}],
'customer_advisories': 'residents advised to monitor bank '
'statements and avoid suspicious '
'communications',
'data_breach': {'data_encryption': 'potentially encrypted during '
'exfiltration',
'data_exfiltration': True,
'file_types_exposed': None,
'number_of_records_exposed': '147,500',
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (includes personal '
'and potentially '
'financial data)',
'type_of_data_compromised': ['personal '
'information',
'potentially '
'encrypted data '
'(e.g., payment '
'details)']},
'description': 'A sophisticated cyberattack allegedly '
'compromised sensitive data from the Royal '
'Borough of Kensington and Chelsea (RBKC), with '
'state-sponsored hackers infiltrating the '
'council’s systems and extracting data concerning '
'approximately 147,500 residents. The full scope '
'of the breach remains unclear, but concerns '
'exist that encrypted data—potentially including '
'payment details or other personal '
'information—may have been copied. The National '
'Cyber Security Centre (NCSC) is investigating, '
'following complaints to the Action Fraud Centre. '
'Law enforcement has advised residents to monitor '
'bank statements and avoid unsolicited links. The '
'attack is part of a broader wave targeting local '
'councils, including Westminster City Council and '
'Hammersmith and Fulham, causing disruptions in '
'essential communication services.',
'impact': {'brand_reputation_impact': 'potential reputational '
'damage due to breach and '
'public advisory',
'conversion_rate_impact': None,
'customer_complaints': 'reports to Action Fraud '
'Centre from concerned '
'residents',
'data_compromised': ['personal information',
'potentially encrypted payment '
'details'],
'downtime': 'partial outages in essential '
'communication services (e.g., phone '
'lines)',
'financial_loss': None,
'identity_theft_risk': 'high (due to potential '
'exposure of personal data)',
'legal_liabilities': None,
'operational_impact': 'significant disruption to '
'council operations and '
'communication',
'payment_information_risk': 'potential (unconfirmed '
'if accessed or stolen)',
'revenue_loss': None,
'systems_affected': ['council systems',
'communication services (partial '
'outages)']},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': ['resident data',
'potential '
'financial '
'information'],
'reconnaissance_period': None},
'investigation_status': 'ongoing (NCSC involved)',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'public advisory to '
'monitor bank statements '
'and avoid unsolicited '
'links',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': ['National Cyber Security '
'Centre (NCSC)']},
'stakeholder_advisories': 'law enforcement urged public caution '
'regarding unsolicited links and bank '
'monitoring',
'threat_actor': 'state-sponsored hackers (alleged)',
'title': 'Cyberattack on the Royal Borough of Kensington and '
'Chelsea (RBKC)',
'type': ['data breach',
'cyberattack',
'potential state-sponsored attack']}}