Kensington and Chelsea Council, along with Westminster and other London boroughs, was struck by a cyber attack on Monday, disrupting shared IT systems and phone lines. The council activated emergency and business continuity plans to maintain critical services, particularly for vulnerable residents. While the source and full scale of the attack remain unclear, initial mitigations were deployed, including collaboration with the National Cyber Security Centre (NCSC). The incident caused a multi-hour outage of essential services, such as call centers, with full system restoration not expected before the end of the week. The attack originated from Kensington and Chelsea’s network, which shares infrastructure with neighboring authorities. Staff were warned about phishing risks, and the Information Commissioner’s Office was notified. The disruption echoes a 2020 Hackney Council breach, where 440,000 files were encrypted, highlighting persistent vulnerabilities in local government cybersecurity. No confirmed data compromise has been reported yet, but investigations are ongoing.
Source: https://uk.news.yahoo.com/major-london-councils-initiate-emergency-185609430.html
Royal Borough of Kensington and Chelsea cybersecurity rating report: https://www.rankiteo.com/company/royal-borough-of-kensington-and-chelsea
"id": "ROY4633046112625",
"linkid": "royal-borough-of-kensington-and-chelsea",
"type": "Cyber Attack",
"date": "6/2020",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': 'Residents (critical services '
'impacted)',
'industry': 'Public Sector',
'location': 'London, UK',
'name': 'Westminster City Council',
'type': 'Local Government'},
{'customers_affected': 'Residents (call center and '
'critical services disrupted)',
'industry': 'Public Sector',
'location': 'London, UK',
'name': 'Royal Borough of Kensington and Chelsea',
'type': 'Local Government'},
{'industry': 'Public Sector',
'location': 'London, UK',
'name': 'London Borough of Hammersmith and Fulham',
'type': 'Local Government'}],
'attack_vector': ['Phishing (suggested via staff warnings)',
'Shared IT Systems (likely lateral movement)'],
'customer_advisories': ['Public apologies issued',
'Updates to be provided as available'],
'data_breach': {'type_of_data_compromised': 'Under investigation'},
'date_detected': '2024-07-XX (Monday, exact date unspecified)',
'date_publicly_disclosed': '2024-07-XX (same week as detection, exact date '
'unspecified)',
'description': 'London councils, including Westminster, Kensington and '
'Chelsea, and Hammersmith and Fulham, were hit by a cyber '
'attack on Monday (date unspecified). Shared IT systems and '
'phone lines were disrupted, prompting activation of emergency '
'and business continuity plans. The source and scale of the '
'attack remain under investigation, with the National Cyber '
'Security Centre (NCSC) and cyber specialists assisting. The '
'Information Commissioner has been notified. Some systems may '
'remain offline until the end of the week. The attack is '
'suspected to have originated at Kensington and Chelsea '
'Council, which shares IT infrastructure with neighboring '
'authorities. Staff across London councils were advised to '
'avoid suspicious emails, links, or unusual requests. The '
'incident echoes a 2020 ransomware attack on Hackney Council, '
'which had lasting impacts due to insufficient protective '
'measures.',
'impact': {'brand_reputation_impact': ['Potential reputational damage',
'Apologies issued to residents'],
'data_compromised': 'Under investigation (standard practice to '
'check)',
'downtime': 'Several hours (call center) to potentially end of the '
'week (some systems)',
'legal_liabilities': ['Information Commissioner notified',
'Potential scrutiny (referencing Hackney '
"Council's 2020 incident)"],
'operational_impact': ['Disruption to critical services',
'Business continuity plans activated',
'Focus on supporting vulnerable residents'],
'systems_affected': ['Shared IT systems',
'Phone lines',
'Call center (Kensington and Chelsea)',
'Critical services (temporarily disrupted)']},
'initial_access_broker': {'entry_point': ['Suspected phishing (via staff '
'warnings)',
'Kensington and Chelsea Council '
'(shared IT systems)']},
'investigation_status': 'Ongoing (cause and data compromise under '
'investigation)',
'ransomware': {'data_encryption': ["Suspected (referencing Hackney Council's "
'2020 attack, but unconfirmed for this '
'incident)']},
'recommendations': ['Avoid opening suspicious emails',
'Do not click on unexpected links',
'Verify unusual requests',
'Implement robust protective measures (referencing '
"Hackney Council's 2020 criticism)"],
'references': [{'date_accessed': '2024-07-XX',
'source': 'News Article (unspecified publisher)'},
{'source': 'Hackney Council 2020 Cyber Attack Reference'}],
'regulatory_compliance': {'regulatory_notifications': ['Information '
"Commissioner's Office "
'(ICO) notified']},
'response': {'communication_strategy': ['Public statements issued',
'Apologies to residents',
'Updates promised as available'],
'containment_measures': ['IT teams worked overnight',
'Mitigations implemented',
'Network access restrictions (implied)'],
'enhanced_monitoring': ['Staff warned about phishing '
'emails/links'],
'incident_response_plan_activated': True,
'law_enforcement_notified': ["Information Commissioner's Office "
'(ICO)'],
'recovery_measures': ['Business continuity plans',
'Prioritizing critical services for '
'vulnerable residents'],
'remediation_measures': ['Restoring systems safely',
'Investigating data compromise'],
'third_party_assistance': ['National Cyber Security Centre '
'(NCSC)',
'Cyber specialists']},
'stakeholder_advisories': ['Staff warned about phishing risks'],
'title': 'Cyber Attack on London Councils Activates Emergency Plans',
'type': ['Cyber Attack', 'Suspected Ransomware (unconfirmed)']}