The Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council, and Hammersmith and Fulham Council confirmed they were targeted in the incident that began on Monday, November 24.
The attack has forced officials to shut down systems as a precautionary measure while they work to restore services and investigate potential data compromise.
The first public indication of trouble came when RBKC posted on the social media platform X at approximately 1 pm on Monday, stating it was experiencing “system issues” that would affect access to online services.
By Tuesday morning, the council upgraded the description to a “serious IT issue” that would continue disrupting services.
Westminster Council also acknowledged problems with its IT systems on Tuesday, while behind the scenes, staff received memos confirming the system shutdown was a direct response to the cyber incident.
Hackney Council officials were alerted through emergency meetings and an urgent communication warning of a “significant and immediate threat.”
The message stated that multiple London councils had been targeted within the previous 24 to 48 hours, prompting Hackney to elevate its internal cyber threat level to Critical.
Hammersmith and Fulham Council staff similarly received memos about the “serious cybersecurity incident,” though the council noted there was currently no evidence its systems had been breached.
The incident has drawn immediate attention from national security and law enforcement agencies.
RBKC confirmed it has informed the Information Commissioner’s Office (ICO) and is working closely with the National Cyber Security Centre (NCSC), an arm of the UK intelligence agency GCHQ.
The council’s cybersecurity teams worked through Monday night to implement protective measures and maintain critical public services.
An RBKC spokesperson emphasized the ongoing nature of the response: “At this stage it is too early to say who did this, and why, but we are investigating to see if any data has been compromised – which is standard practice.
Our IT teams worked through the night yesterday and a number of successful mitigations were put in place, and we remain vigilant should there be any further incidents or issues.”
According to Cyberplace, the spokesperson apologized to residents for the inconvenience and warned of potential delays in council responses and services in the coming days.
The council pledged to continue collaborating with cyber specialists and the NCSC to restore full system functionality as quickly as possible.
The National Cyber Security Centre confirmed its involvement, stating: “We are aware of an incident affecting some local authority services in London and are working to understand any potential impact.”
The Metropolitan Police also acknowledged the situation, with a spokesperson confirming they received a referral from Action Fraud on Monday regarding the suspected cyberattack.
The Met’s Cyber Crime Unit has launched an investigation, though enquiries remain in the early stages and no arrests have been made.
Residents across the affected boroughs may experience continued disruptions to online services, telephone lines, and council operations as the investigation and recovery efforts continue.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.