The **Royal Borough of Kensington and Chelsea (RBKC)** in west London suffered a **cyber attack** that forced staff to work remotely, disrupted critical systems (including phone lines and online services), and triggered emergency response protocols. The incident, investigated by the **National Crime Agency (NCA) and GCHQ’s National Cyber Security Centre (NCSC)**, also impacted **Westminster City Council and Hammersmith & Fulham Council** due to shared IT infrastructure. While the exact scale of data compromise remains unclear, cybersecurity experts warned of potential **personal data exposure**, urging residents to exercise caution against follow-up phishing attempts. The council’s internal networks were partially shut down as a precaution, with no immediate timeline for full restoration. Services like online forms and website functionality were intermittently unavailable, and alternative contact methods were provided. The attack’s severity was underscored by the council’s **£12M annual IT security budget**, the involvement of national cyber agencies, and comparisons to high-profile breaches (e.g., **The Co-op’s 6.5M-record data theft**). Experts noted the incident’s potential to exploit **interconnected digital dependencies**, risking a broader local authority crisis. The council confirmed the attack’s cause was identified but withheld details pending investigation.
Source: https://www.bbc.com/news/articles/c5y2w43ry5lo
Royal Borough of Kensington and Chelsea cybersecurity rating report: https://www.rankiteo.com/company/royal-borough-of-kensington-and-chelsea
"id": "ROY5362053112725",
"linkid": "royal-borough-of-kensington-and-chelsea",
"type": "Cyber Attack",
"date": "11/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': 'Residents of RBKC (population '
'~158,000)',
'industry': 'Public Sector',
'location': 'West London, UK',
'name': 'Royal Borough of Kensington and Chelsea '
'(RBKC)',
'type': 'Local Government'},
{'customers_affected': 'Residents of Westminster '
'(population ~219,000)',
'industry': 'Public Sector',
'location': 'Westminster, London, UK',
'name': 'Westminster City Council',
'type': 'Local Government'},
{'customers_affected': 'Residents of Hammersmith and '
'Fulham (population ~186,000)',
'industry': 'Public Sector',
'location': 'Hammersmith and Fulham, London, UK',
'name': 'Hammersmith and Fulham Council',
'type': 'Local Government'}],
'customer_advisories': ['Alternative contact numbers published',
'Website maintenance alerts'],
'data_breach': {'personally_identifiable_information': ['Possible (expert '
'warning issued)'],
'type_of_data_compromised': ['Potential personal data '
'(unspecified)']},
'date_detected': '2024-MM-DD (Monday of the current week, exact date not '
'specified)',
'date_publicly_disclosed': '2024-MM-DD (same day as detection, per BBC report '
"timestamp: '14 minutes ago')",
'description': 'A cyber attack affected the Royal Borough of Kensington and '
'Chelsea (RBKC), Westminster City Council, and Hammersmith and '
"Fulham Council as part of 'joint arrangements.' The incident "
'led to staff being advised to work remotely, disruption of '
'services (including phone lines and online forms), and '
'precautionary closure of parts of the network. The National '
"Crime Agency and GCHQ's Cyber Security Centre are "
'investigating. Personal data may have been compromised, and '
'residents were urged to remain vigilant against follow-up '
'phishing attempts. The councils activated emergency plans, '
'but full system recovery is expected to take days. The attack '
'highlights risks from shared digital interdependencies among '
'local authorities.',
'impact': {'brand_reputation_impact': ['Public advisory to residents',
'Media coverage highlighting '
'vulnerabilities'],
'data_compromised': ['Potential personal data (unspecified)',
'Residents urged to be cautious'],
'downtime': 'Several days (ongoing)',
'identity_theft_risk': ['Residents warned of potential follow-up '
'phishing'],
'legal_liabilities': ["Information Commissioner's Office (ICO) "
'notified'],
'operational_impact': ['Staff working remotely',
'Disrupted council services',
'Alternative contact numbers provided'],
'systems_affected': ['Phone lines',
'Online forms',
'Internal networks (partially closed)',
'Website (intermittent outages)']},
'investigation_status': 'Ongoing (led by NCA and NCSC)',
'recommendations': ['Residents advised to treat incident-related '
'correspondence with caution (phishing risk).',
'Experts emphasize need to identify shared system '
'providers to mitigate supply-chain risks.',
'Councils urged to review digital interdependencies to '
'prevent cascading breaches.'],
'references': [{'date_accessed': '2024-MM-DD',
'source': 'BBC News',
'url': 'https://www.bbc.com/news/uk-england-london-XXXXXXXXX'},
{'date_accessed': '2024-MM-DD',
'source': 'Local Democracy Reporting Service (LDRS)'}],
'regulatory_compliance': {'regulatory_notifications': ['Information '
"Commissioner's Office "
'(ICO)']},
'response': {'communication_strategy': ['Public statements',
'Internal memos to staff',
'ICO notification',
'Media updates'],
'containment_measures': ['Network segments closed as precaution',
'Systems disconnected from internet'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'network_segmentation': True,
'recovery_measures': ['Alternative contact numbers provided',
'Website maintenance for stability'],
'remediation_measures': ['IT teams working overnight',
'Emergency plans activated'],
'third_party_assistance': ['National Crime Agency (NCA)',
"GCHQ's National Cyber Security "
'Centre (NCSC)']},
'stakeholder_advisories': ['Residents urged to remain vigilant',
'Staff instructed to work remotely'],
'title': 'Cyber attack forces council staff out of offices in Royal Borough '
'of Kensington and Chelsea, Westminster, and Hammersmith & Fulham',
'type': ['Cyber Attack', 'Potential Data Breach']}