Council Data Breach: London Boroughs Activate Emergency Plans After Cyber Attack

Three London councils, including the Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council, and Hammersmith and Fulham, have triggered emergency response plans following a significant cyber incident affecting shared systems. The attack, now under investigation by the National Crime Agency and GCHQ’s National Cyber Security Centre, has disrupted essential services and raised concerns about a potential council data breach. With networks partially offline and some staff told to work from home, the incident highlights the growing threat facing local authorities and the importance of strong cyber resilience.

Why This Incident Matters Now

This attack comes at a time when councils across the UK are increasingly targeted by organised cybercriminal groups exploiting shared IT infrastructures and legacy systems. Cyber-security experts have warned that personal data may have been compromised, and have urged residents to remain cautious of suspicious emails, texts, or calls referencing the incident. As local authorities continue to digitalise essential services, any council data breach presents serious risks, including service disruption, financial loss, and harm to community trust.

RBKC confirmed that it has identified the cause of the cyber incident and has notified the Information Commissioner’s Office (ICO) as required under UK GDPR. Several systems, including phone lines and online forms, remain disrupted while investigations continue. Staff have been advised to work from home wherever possible as networks remain partially closed “as a precautionary measure”. The council is not expecting a full return of affected systems for several days.

What We Know About the Council Data Breach

An internal RBKC memo, shared with the Local Democracy Reporting Service (LDRS), indicates the council has restricted parts of its network to prevent further compromise. Guest Wi-Fi and mobile hotspots remain available, but key internal systems are offline while the investigation progresses.

Cyber-security specialists have stressed the importance of identifying the organisation responsible for the shared infrastructure affected by the attack. If the breach originated from a third-party system, other customers using the same provider may also be at risk. Experts have warned residents to “treat all correspondence with caution”, as attackers frequently exploit publicity surrounding a cyber attack to launch secondary phishing campaigns.

RBKC stated that its IT teams “worked through the night” to determine the cause of the incident. While the council has acknowledged ongoing disruption, it said it will not share further details until the investigation is complete. In the meantime, alternative contact numbers have been added to its website, although some pages and online forms may be unavailable during planned maintenance linked to incident recovery.

Why Councils Are High-Value Targets

Councils hold vast quantities of personal data including names, addresses, financial information, social care records, planning documents, staff details, and internal communications. The scale and sensitivity of this information make councils attractive targets for cybercriminals. A single council data breach can expose thousands of residents to fraud, identity theft, or targeted scams.

Local authorities also manage critical services such as housing, social care, benefits, and environmental health. Disrupting these systems can create real-world impact quickly, putting pressure on councils to restore access and making them more vulnerable to ransomware extortion attempts.

RBKC has said it spends more than £12 million per year on IT and security systems, reflecting the scale of the threat and the complexity of maintaining resilient infrastructure across multiple services.

What Councils Should Be Doing Now

Cyber attacks on local authorities are increasing in frequency and sophistication. This incident demonstrates how one breach can affect multiple boroughs through shared systems. Councils should take immediate action to strengthen their cyber resilience and reduce the risk of a council data breach.

Key steps include:

1. Strengthen Incident Response Procedures
Ensure emergency plans are tested, documented, and ready to be activated. Define roles, escalation routes, and communication strategies for both internal staff and the public.

2. Prioritise Network Segmentation and Access Controls
Limit how far attackers can move across internal systems. Use least-privilege access, multi-factor authentication, and enhanced monitoring for high-risk accounts.

3. Conduct Regular Cyber Audits
Carry out proactive assessments to identify vulnerabilities in shared platforms, legacy systems, and third-party software. Our GDPR Audits help organisations identify and resolve high-risk gaps.

4. Improve Supplier Oversight
Review contracts and ensure third-party providers have clear obligations around security, breach notification, and resilience. A supplier failure can quickly escalate into a major council data breach.

5. Train Staff
Human error remains the top cause of data breaches. All staff, especially frontline teams, should receive regular data protection and cyber awareness training to identify phishing threats and respond safely.

6. Maintain Clear Resident Communications
Provide up-to-date information through trusted channels to prevent misinformation and reduce the risk of scammers exploiting anxious residents.

Our View

This incident reinforces an uncomfortable truth: public sector organisations remain on the frontline of cybercrime. While RBKC and its partner boroughs responded quickly and initiated emergency plans, the attack highlights the scale of risk created by interconnected systems and shared digital infrastructure. A council data breach has the potential to impact tens of thousands of residents, disrupt essential services, and undermine public confidence.

At Data Protection People, we support councils in building resilience through strong governance, independent audits, tailored training, and ongoing compliance support. Preventing an incident is always less costly — financially and reputationally — than recovering from one.

FAQs

Has resident personal data been confirmed as compromised?

It is not yet confirmed. Experts have stated that there is a possibility of personal data being affected, and residents are advised to remain cautious.

Why do cyber attacks target councils?

Councils hold large volumes of sensitive data and run essential public services, making them valuable targets for criminals.

Should residents worry about scams?

Yes. After any council data breach, attackers often exploit publicity to target residents with phishing messages. Treat unexpected contact with caution.

How long will disruption last?

RBKC has confirmed that full system restoration may take several days, depending on the investigation and recovery work.

Contact Us

If your council or organisation needs support strengthening cyber resilience, managing data breaches, or improving governance, our team can help. We offer Data Protection Support, GDPR Audits, and staff training to reduce risk and protect the people you serve. Contact us today.

Cyber Security Services

PCI DSS

ISO 27001

Cyber Security Consultancy

Cyber Security Support

Pentesting

External Attack Surface Management

Data Protection Services

SAR Support

Data Protection Support

Outsourced DPO

Data Protection Consultancy

Information Management Software

GDPR Training

GDPR Audits

GDPR Representative

GDPR Documentation

GDPR Toolkit

Information Rights Request

Expert support when you need it most