Multiple local authorities in London appear to be dealing with a serious cybersecurity incident, it has emerged.
The Royal Borough of Kensington and Chelsea (RBKC) issued a statement on Tuesday revealing that it and Westminster City Council (WCC) were responding to an incident identified on Monday morning.
The two have notified the UK Information Commissioner’s Office (ICO) and are working with the National Cyber Security Centre (NCSC) on incident response.
“We know a number of systems are impacted across both organizations, including phone-lines. If you have an emergency, you can contact the council using the phone numbers at the top of our contacts page,” RBKC said.
“We are diverting more resources to manage this incident and monitor emails and phone lines, and the councils have invoked business continuity and emergency plans to ensure we are still delivering critical services to residents, focusing on supporting the most vulnerable.”
Read more on cyber-attacks in London: Hackney Council Ransomware Attack Cost £12m+
RBKC said its IT team worked throughout the night to put “a number of successful mitigations” in place.
RBKC and WCC share “a number of IT systems and services,” which may explain why both were apparently hit simultaneously. RBKC said Hammersmith and Fulham Council also shares some IT services with the duo, and local reports indicate that this local authority is affected by the same incident.
Although not directly affected, reports suggest Hackney Council officials raised internal cybersecurity threat levels to “critical” this week and sent staff a memo urging them not to fall for phishing attacks.
“We will continue working with our cyber specialists and the NCSC to restore all systems as quickly as possible, and we will be in touch with more information as it becomes available,” concluded the RBKC missive.
London Councils a Popular Target
London’s local authorities have been frequently singled out by ransomware actors over recent years. Like many others across the country, they are often under-resourced, meaning legacy IT systems are not properly protected and cybersecurity expertise is in short supply.
This can have a significant impact on public services. Hackney Council was reprimanded by the ICO last year for serious failings that led to a 2020 ransomware incident and data breach impacting at least 280,000 residents.
The council was reportedly forced to spend over £12m ($15.6m) in recovery costs as a result of the attack.
SonicWall EMEA VP, Spencer Starkey, argued that threat actors would continue to probe government targets in 2026, to erode public confidence in digital services.
“In an economy where every service is digitally linked, a compromise in one node can ripple across the entire system,” he added.
“Without substantial investment in modern defenses, particularly those capable of identifying and countering AI-driven threats, 2026 could see significant disruptions affecting millions of consumers and businesses across the UK.”
