The Royal Borough of Kensington and Chelsea (RBKC) and the Westminster City Council (WCC) announced that they are experiencing service disruptions following a cybersecurity issue.
Multiple systems have been impacted by the attack, including phone lines, which prompted the two councils to activate emergency plans to make sure that residents still receive critical services.
The two authorities have been impacted at the same time because they share some IT infrastructure as part of joint arrangements.
A third council, the London Borough of Hammersmith and Fulham (LBHF), also shares some services with RBKC and WCC and decided to take “enhanced measures to isolate and safeguard our networks,” which led to business disruptions.
Westminster City Council is a major local authority in the U.K., with important landmarks in the area, like the Palace of Westminster (Houses of Parliament), the Buckingham Palace, 10 Downing Street, national institutions, important shopping streets, and significant tourist hotspots.
The councils, which provide services for 360,000 residents, shut down several computerised systems as a precaution to limit further possible damage.
RBKC is one of the smallest boroughs in London (in terms of size and population) but also the wealthiest (in terms of GDP per capita) in the UK, while LBHF is a mid-sized but still significant council serving 180,000 residents.
In an announcement yesterday, the RBKC said that it had an issue that prevented residents from contacting the council through online services or the contact center.
.png "Multiple London councils' IT systems disrupted by cyberattack 3")
The council later published a statement saying that it was “responding to a cyber security issue” that occurred on Monday and also affected Westminster City Council.
The local authority stated that investigations into the perpetrators and their motives are ongoing and that it will publish updates as soon as more information becomes available.
“[…] the two authorities have been working closely together and with the help of specialist cyber incident experts and the National Cyber Security Centre, with the focus on protecting systems and data, restoring systems, and maintaining critical services to the public.”
“We don’t have all the answers yet, as the management of this incident is still ongoing,” RBKC says, adding that “we know people will have concerns, so we will be updating residents and partners further over the coming days.”
“At this stage, it is too early to say who did this and why, but we are investigating to see if any data has been compromised.”
The council states that it has already informed the UK Information Commissioner’s Office (ICO), in accordance to established protocols.
The other two councils, WCC and LBHF, have published short statements about the disruption via banners on their websites, listing alternative phone numbers people can use right now to contact them.
BleepingComputer has contacted RBKC to ask more details about the shared IT system, but a spokesperson declined to disclose any additional information at this time.
Security expert Kevin Beaumont said that the incident is a ransomware attack at a services provider used by the three councils.
At the time of writing, no ransomware groups publicly claimed the attack.
As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe.
This free cheat sheet outlines 7 best practices you can start using today.