Local Government Lawyer

Government Legal Department Vacancies


Data was copied without authorisation in recent cyber attack “with criminal intent”, London boroughs reveal

Details

Some council data was copied and taken away by a third party without consent following a recent cyber security incident, Westminster City Council and the Royal Borough of Kensington & Chelsea have confirmed.

In its latest update (17 December) Westminster said it detected unusual activity in its IT network on 24 November and “acted immediately to shut down and isolate systems to protect data and services, with this precautionary measure causing ongoing disruption”.

It added that whilst council services are running, the full restoration of systems will only be carried out when it is safe to do so.

Westminster said: “The council has established that the Westminster breach involves some limited data, hosted in the Royal Borough of Kensington and Chelsea's shared IT environment, which is likely to contain some potentially sensitive and personal information.

“Work is underway to establish what exactly the data entails and how it relates to individuals, as part of a comprehensive process in line with the Information Commissioner’s Office (ICO) recommendations, which will take some time to complete. The data is not lost or deleted, and there is no indication at this stage that it has been published online.”

Kensington and Chelsea revealed on 28 November it had experienced a data breach as a result of the cyber security incident.

In an update also issued yesterday, the Royal Borough said it was a cyber attack “with criminal intent”.

It added: “Our cyber security team detected and contained the attack quickly. There is no evidence of any lateral movement, so we believe the attack was stopped before it spread to third party systems that help us provide services and store data.

“We confirmed a data breach with the Information Commissioner's Office at the earliest opportunity. We are now investigating that breach for any sensitive data – small samples show that some of the resident data copied is likely to contain sensitive data and personal information.

“It is possible any data copied and taken from us could be misused or published. We are planning accordingly for this, working with law enforcement at every step.”

Kensington & Chelsea said: “We are taking steps to work through the data in accordance with ICO and legal rules and will be in touch with residents directly. We recognise the sensitivity and importance of this work.”

It added: “Investigations are still ongoing, but it is not unusual for councils and other public sector organisations to be targeted in cyber attacks – especially by criminals looking for personal information or sensitive data.

“In fact most local authorities are under constant attack. In 2024, the local government sector reported over 150 incidents to the Information Commissioner's Office.”

Westminster meanwhile said it is working closely with the Metropolitan Police, the National Crime Agency and the National Cyber Security Centre.

Cyber security experts from NCC Group are working with the councils to investigate and protect residents.

“This also includes working within the guidelines of the Office of the Information Commissioner in terms of any notifications that may be required in the future, when the full details of the copied data have been established. As this will take some time to determine, a dedicated helpline and e-mail inbox have been established in the meantime to support with any enquiries from the public,” Westminster said.

Westminster and RBKC have also been working with the London Borough of Hammersmith and Fulham, which shares some legacy systems.

“The boroughs also have a joint data and IT group working together to understand the data that has been copied and any implications,” Westminster said.

Cllr David Boothroyd, Westminster’s Cabinet Member for Finance and Council Reform, said: “I want to reassure residents that we are doing everything possible to respond effectively to the cyber security incident and to keep delivering our services. Our priority is to support and protect the most vulnerable in our community, despite the disruption that is being caused.

“We acted quickly to secure our systems, and we are working towards restoring council services as safely and swiftly as possible, but this will take time. We remain committed to transparency and will continue to provide updates as our recovery progresses.”

Hammersmith & Fulham has been approached for comment.

In an update posted this morning, the council said: "Due to a cyber security incident in a neighbouring borough, we are continuing to undertake a series of enhanced security measures and carefully investigate the impacts on all our systems and services. Currently, there is no evidence of H&F systems being compromised."

Some online systems are temporarily unavailable, it added.

Related Articles
Information Commissioner writes to local authorities demanding change in handling of care records requests
09-12-2025
ICO ‘names and shames’ public authorities over FOI failures
04-12-2025
ICO reprimands Post Office over Horizon IT scandal data breach involving unredacted legal settlement document
03-12-2025
Information watchdog to continue with its public sector approach to data protection enforcement
24-11-2025
Council refers itself to ICO after publishing personal data of 600 local plan respondents
11-11-2025

Jobs

Weightmans Dec 25 PSSS (2)

 

Poll