Westminster City Council

Westminster City Council, alongside Kensington and Chelsea and Hammersmith and Fulham, was struck by a **major cyber attack** targeting their shared IT systems under a tri-borough arrangement. The breach was detected on **24 November**, prompting immediate coordination with the **National Cyber Security Centre (NCSC)** and cyber incident experts to isolate affected systems, protect data, and restore critical services. While core public services remain operational, **disruptions persist**, including delays in responses and service delivery, particularly for vulnerable residents. The attack’s scope suggests potential compromise of sensitive municipal data, though no explicit data theft (e.g., personal or financial records) has been confirmed. The **Met Police’s Cyber Crime Unit** is investigating, with no arrests made. The incident underscores risks to **local government infrastructure**, with cascading effects on interdependent boroughs relying on shared IT resources. Recovery efforts prioritize system stabilization and minimizing public inconvenience, though long-term impacts on data integrity or operational resilience remain unclear.

Source: https://fitzrovianews.com/2025/11/27/westminster-council-computer-system-hit-by-cyber-attack/

Westminster City Council cybersecurity rating report: https://www.rankiteo.com/company/westminster-city-council

"id": "WES2233622112725",
"linkid": "westminster-city-council",
"type": "Cyber Attack",
"date": "11/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"

{'affected_entities': [{'customers_affected': 'Residents (specific numbers not '
                                              'disclosed)',
                        'industry': 'Public Administration',
                        'location': 'London, UK',
                        'name': 'Westminster City Council',
                        'type': 'Local Government'},
                       {'customers_affected': 'Residents (specific numbers not '
                                              'disclosed)',
                        'industry': 'Public Administration',
                        'location': 'London, UK',
                        'name': 'Royal Borough of Kensington and Chelsea',
                        'type': 'Local Government'},
                       {'customers_affected': 'Residents (specific numbers not '
                                              'disclosed)',
                        'industry': 'Public Administration',
                        'location': 'London, UK',
                        'name': 'London Borough of Hammersmith and Fulham',
                        'type': 'Local Government'}],
 'customer_advisories': ['Residents advised to expect delays in services, with '
                         'a focus on supporting vulnerable individuals'],
 'date_detected': '2023-11-24',
 'date_publicly_disclosed': '2023-11-24',
 'description': 'Westminster City Council, along with Kensington and Chelsea, '
                'and Hammersmith and Fulham, confirmed a major cyber attack on '
                'their shared IT systems under a tri-borough arrangement. The '
                'councils are working with the NCSC and cyber incident experts '
                'to protect systems, restore services, and maintain critical '
                'public services. The incident was identified on Monday, 24 '
                'November, causing ongoing disruptions to council services '
                'while prioritizing support for vulnerable residents. The Met '
                "Police's Cyber Crime Unit is investigating, with no arrests "
                'made yet.',
 'impact': {'downtime': 'Ongoing (as of disclosure date, with delays expected '
                        'for days)',
            'operational_impact': 'Disruptions to council services, delays in '
                                  'responses, focus on maintaining critical '
                                  'services for vulnerable residents',
            'systems_affected': ['Shared commuter system',
                                 'IT systems under tri-borough arrangement']},
 'investigation_status': 'Ongoing (early stages, no arrests made)',
 'references': [{'source': 'The Fitzrovia News'},
                {'date_accessed': '2023-11-24',
                 'source': 'Westminster City Council Statement'},
                {'date_accessed': '2023-11-24',
                 'source': 'National Cyber Security Centre (NCSC)'},
                {'date_accessed': '2023-11-24',
                 'source': 'Metropolitan Police (Met Police) Cyber Crime '
                           'Unit'}],
 'regulatory_compliance': {'regulatory_notifications': ['Referral to Action '
                                                        'Fraud by affected '
                                                        'residents/councils']},
 'response': {'communication_strategy': ['Public statements on council '
                                         'websites',
                                         'Apologies to residents for '
                                         'disruptions'],
              'containment_measures': ['Isolation and protection of systems'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'recovery_measures': ['Restoring systems',
                                    'Maintaining critical services'],
              'third_party_assistance': ['National Cyber Security Centre '
                                         '(NCSC)',
                                         'Cyber incident experts']},
 'stakeholder_advisories': ['Public statements acknowledging disruptions and '
                            'apologizing for inconvenience'],
 'title': "Major Cyber Attack on Tri-Borough London Councils' Shared Commuter "
          'System',
 'type': 'Cyber Attack'}