Royal Borough of Kensington and Chelsea (RBKC)

The Royal Borough of Kensington and Chelsea (RBKC) and Westminster City Council, which share IT infrastructure, suffered a cyber-attack that disrupted critical systems, including phone lines and online services such as council tax and parking fine payments. Emergency response plans were activated, and the National Crime Agency (NCA) and National Cyber Security Centre (NCSC) were involved in the investigation. The cause was identified, but the extent of data compromise remains unclear; systems were shut down to limit further damage. Over **500,000 London residents** were potentially affected by the councils' service disruptions. The incident drew parallels to the 2020 Hackney Council ransomware attack, which encrypted **440,000 files** and led to an ICO reprimand. RBKC emphasized ongoing efforts to restore systems and protect vulnerable residents, though delays in public services persisted. The attack’s broader implications include heightened alerts across other London councils, signaling a coordinated targeting of municipal infrastructure.

Source: https://www.theguardian.com/technology/2025/nov/26/london-councils-kensington-and-chelsea-westminster-cyber-attack-emergency

Royal Borough of Kensington and Chelsea cybersecurity rating report: https://www.rankiteo.com/company/royal-borough-of-kensington-and-chelsea

"id": "ROY2992429112625",
"linkid": "royal-borough-of-kensington-and-chelsea",
"type": "Cyber Attack",
"date": "6/2020",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'customers_affected': 'Residents (exact number '
                                              'unspecified; part of >500,000 '
                                              'Londoners served by the three '
                                              'councils)',
                        'industry': 'Public Sector',
                        'location': 'London, UK',
                        'name': 'Royal Borough of Kensington and Chelsea '
                                '(RBKC)',
                        'type': 'Local Government'},
                       {'customers_affected': 'Residents (exact number '
                                              'unspecified; part of >500,000 '
                                              'Londoners served by the three '
                                              'councils)',
                        'industry': 'Public Sector',
                        'location': 'London, UK',
                        'name': 'Westminster City Council',
                        'type': 'Local Government'},
                       {'customers_affected': 'Residents (exact number '
                                              'unspecified; part of >500,000 '
                                              'Londoners served by the three '
                                              'councils)',
                        'industry': 'Public Sector',
                        'location': 'London, UK',
                        'name': 'London Borough of Hammersmith and Fulham',
                        'type': 'Local Government'}],
 'customer_advisories': ['Council tax and parking fine services limited (RBKC)',
                         'Website instability expected (RBKC)'],
 'data_breach': {'data_exfiltration': 'Under investigation (standard '
                                      'practice)'},
 'date_detected': '2024-03-11T00:00:00Z',
 'date_publicly_disclosed': '2024-03-13T00:00:00Z',
 'description': 'Three London councils (Royal Borough of Kensington and '
                'Chelsea, Westminster City Council, and Hammersmith & Fulham) '
                'reported a cyber-attack affecting shared IT infrastructure. '
                'Systems including phone lines were disrupted, and emergency '
                'plans were activated. The National Crime Agency (NCA) and '
                'National Cyber Security Centre (NCSC) are investigating '
                'potential data compromise. Services like council tax and '
                'parking fines were impacted, with ongoing restoration '
                'efforts.',
 'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
                                       'service disruptions and historical '
                                       'context (e.g., 2020 Hackney attack)',
            'downtime': ['Ongoing as of 2024-03-13 (services limited)',
                         'Website fluctuations on 2024-03-13'],
            'operational_impact': ['Delayed responses to residents',
                                   'Disruption to critical services (e.g., '
                                   'support for vulnerable residents)',
                                   'Activation of business '
                                   'continuity/emergency plans'],
            'systems_affected': ['Phone lines',
                                 'Council tax billing systems',
                                 'Parking fine payment systems',
                                 'Website (intermittent downtime)',
                                 'Shared IT infrastructure']},
 'investigation_status': 'Ongoing (NCA and NCSC involved; cause identified but '
                         'not disclosed)',
 'references': [{'date_accessed': '2024-03-13',
                 'source': 'The Guardian',
                 'url': 'https://www.theguardian.com/uk-news/2024/mar/13/three-london-councils-hit-by-cyber-attack'}],
 'regulatory_compliance': {'regulatory_notifications': ['Information '
                                                        'Commissioner’s Office '
                                                        '(ICO) notified']},
 'response': {'communication_strategy': ['Public statements acknowledging the '
                                         'incident (RBKC, Westminster)',
                                         'Commitment to updates for '
                                         'residents/partners',
                                         'Apology for service delays '
                                         '(Westminster)'],
              'containment_measures': ['Shut down several computerised systems',
                                       'Business continuity/emergency plans '
                                       'invoked'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': ['National Crime Agency (NCA)',
                                           'Information Commissioner’s Office '
                                           '(ICO)'],
              'recovery_measures': ['Engineers worked overnight (2024-03-11 to '
                                    '2024-03-12)',
                                    'Focus on restoring critical services'],
              'remediation_measures': ['Security fixes applied (e.g., website '
                                       'fluctuations during updates)',
                                       'Collaboration with NCSC for system '
                                       'restoration'],
              'third_party_assistance': ['Specialist cyber-incident experts',
                                         'National Cyber Security Centre '
                                         '(NCSC)']},
 'stakeholder_advisories': ['Residents advised of potential service delays '
                            '(RBKC, Westminster)',
                            'Updates promised as investigation progresses'],
 'title': 'Cyber-Attack on Three London Councils (RBKC, Westminster, and '
          'Hammersmith & Fulham)',
 'type': 'Cyber-Attack (Suspected Ransomware or Disruptive Attack)'}