The **Royal Borough of Kensington and Chelsea (RBKC)** experienced a **serious cybersecurity incident** involving **Account Takeover Fraud**, disrupting critical public services and shared IT systems across multiple London councils, including **Westminster City Council (WCC)**. The attack, detected on **November 24**, forced RBKC and WCC to **shut down computer networks**, notify the **UK Information Commissioner’s Office (ICO)**, and collaborate with the **National Cyber Security Centre (NCSC)** for mitigation. Online portals, phone lines, and essential services were severely disrupted, requiring activation of **business continuity plans** to support vulnerable residents. While investigations remain ongoing, authorities have not yet confirmed whether **personal data was compromised**, but the incident triggered a **Critical threat level** across other London boroughs, including **Hackney Council**, which had previously suffered a major cyberattack in 2020. The **Metropolitan Police Cyber Crime Unit** is involved, though no arrests have been made. The attack’s **scale and coordination** suggest a **targeted, high-impact breach** affecting governance, public trust, and operational stability, with potential long-term repercussions for **municipal cybersecurity resilience** in the region.
Source: https://thecyberexpress.com/london-councils-cyberattack/
Royal Borough of Kensington and Chelsea cybersecurity rating report: https://www.rankiteo.com/company/royal-borough-of-kensington-and-chelsea
"id": "ROY3492934112625",
"linkid": "royal-borough-of-kensington-and-chelsea",
"type": "Cyber Attack",
"date": "6/2020",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'industry': 'Public Sector',
'location': 'London, UK',
'name': 'Royal Borough of Kensington and Chelsea '
'(RBKC)',
'type': 'Local Government'},
{'industry': 'Public Sector',
'location': 'London, UK',
'name': 'Westminster City Council (WCC)',
'type': 'Local Government'},
{'industry': 'Public Sector',
'location': 'London, UK',
'name': 'Hammersmith and Fulham Council',
'type': 'Local Government'}],
'customer_advisories': ['Apologies issued for disruption',
'Regular updates promised as recovery progresses'],
'date_detected': '2024-11-24T00:00:00Z',
'date_publicly_disclosed': '2024-11-25T18:00:00Z',
'description': 'Three London councils (Royal Borough of Kensington and '
'Chelsea, Westminster City Council, and Hammersmith and Fulham '
'Council) are responding to a serious Account Takeover '
'Fraud–related cyber incident disrupting public services. The '
'incident was detected on November 24, 2024, prompting system '
'shutdowns, coordination with national agencies (NCSC, ICO), '
'and activation of business continuity plans. Investigations '
'are ongoing to determine the root cause, extent, and '
'potential data exposure. Multiple IT systems, online portals, '
'and phone lines remain disrupted, with councils prioritizing '
'support for vulnerable residents.',
'impact': {'brand_reputation_impact': ['Potential reputational damage due to '
'service disruptions'],
'downtime': 'Ongoing (as of 2024-11-25)',
'operational_impact': ['Disruption of public services',
'Activation of business continuity plans',
'Prioritization of vulnerable resident '
'support',
'Increased monitoring',
'Temporary shutdown of computer networks'],
'systems_affected': ['IT systems',
'online portals',
'phone lines',
'shared systems']},
'investigation_status': 'Ongoing (early stages, root cause and extent not yet '
'determined)',
'references': [{'date_accessed': '2024-11-25',
'source': 'Royal Borough of Kensington and Chelsea (RBKC) '
'Official Statement'},
{'date_accessed': '2024-11-25',
'source': 'Westminster City Council (WCC) Website Update'},
{'date_accessed': '2024-11-25',
'source': 'Hammersmith and Fulham Council Announcement'},
{'date_accessed': '2024-11-25',
'source': 'National Cyber Security Centre (NCSC) Statement'},
{'date_accessed': '2024-11-25',
'source': 'Metropolitan Police Cyber Crime Unit Statement'}],
'regulatory_compliance': {'regulatory_notifications': ['UK Information '
'Commissioner’s Office '
'(ICO)']},
'response': {'communication_strategy': ['Public statements via X (formerly '
'Twitter) and council websites',
'Emergency contact numbers provided',
'Regular updates promised to '
'residents'],
'containment_measures': ['Temporary shutdown of computer '
'networks',
'Increased monitoring',
'Mitigation measures applied overnight'],
'enhanced_monitoring': True,
'incident_response_plan_activated': True,
'law_enforcement_notified': ['UK Information Commissioner’s '
'Office (ICO)',
'Metropolitan Police Cyber Crime '
'Unit (via Action Fraud referral)'],
'recovery_measures': ['Restoration of essential services',
'Business continuity plans',
'Additional staff assigned to monitor '
'communications'],
'third_party_assistance': ['National Cyber Security Centre '
'(NCSC)',
'Specialist cyber incident '
'responders']},
'stakeholder_advisories': ['Residents advised to expect delays in accessing '
'services',
'Emergency contact numbers provided for urgent '
'issues'],
'title': 'Major Cybersecurity Incident Affecting Three London Councils (RBKC, '
'WCC, Hammersmith and Fulham)',
'type': ['Account Takeover Fraud', 'Cyberattack']}