Three London councils have reported a cyber-attack, prompting the rollout of emergency plans and the involvement of the National Crime Agency (NCA) as they investigate whether any data has been compromised.
The Royal Borough of Kensington and Chelsea (RBKC), and Westminster city council, which share some IT infrastructure, said a number of systems had been affected across both authorities, including phone lines. The councils shut down several computerised systems as a precaution to limit further possible damage.
The Information Commissioner’s Office (ICO) said the London Borough of Hammersmith and Fulham had also reported an attack. Together the three authorities provide services for more than half a million Londoners.
RBKC said it had established the cause of the cyber incident on Wednesday but declined to give further details, citing the involvement of the NCA and National Cyber Security Centre (NCSC), part of GCHQ.
In 2020 a ransomware attack on Hackney council accessed and encrypted 440,000 files, resulting in a reprimand from the ICO.
Engineers at RBKC worked through the night on Monday, when the incident occurred, and Tuesday. Services including checking council tax bills and paying parking fines are likely to be limited at RBKC, which said its website would probably go up and down during Wednesday as security fixes progressed.
In a statement, the council said: “We don’t have all the answers yet, as the management of this incident is still ongoing. But we know people will have concerns, so we will be updating residents and partners further over the coming days. At this stage it is too early to say who did this, and why, but we are investigating to see if any data has been compromised – which is standard practice.”
It said it and Westminster had been working with specialist cyber-incident experts and the NCSC, “with the focus on protecting systems and data, restoring systems, and maintaining critical services to the public”.
The boroughs also share some IT systems with the London borough of Hammersmith and Fulham. It was not immediately clear to what extent that borough had been affected.
RBKC said it had “invoked business continuity and emergency plans to ensure we are still delivering critical services to residents, focusing on supporting the most vulnerable”.
after newsletter promotion
Westminster city council said in a statement: “We apologise to residents for any inconvenience and thank them for being flexible and understanding. People may see some delays in responses and the services we provide over the coming days. We will continue working with our cyber specialists and the NCSC to restore all systems as quickly as possible, and we will be in touch with more information as it becomes available. If there are any further changes to services, we endeavour to keep everyone updated.”
The incident, which was spotted on Monday morning, led to concern at other councils. Hackney in east London, which was not affected but saw land searches, housing and planning services affected in 2020, told staff it had “received intelligence that multiple London councils have been targeted by cyber-attacks within the last 24-48 hours, with potential disruption to systems and services”.
Rob Miller, a former IT director at Hackney council and now a senior director at the consultancy Public Digital, said: “If you want to impact on people’s lives, councils are a good target. [When it happens] it feels like your stomach has dropped out and quickly it becomes apparent how hard it is to get things back. It’s a genuinely traumatic experience.”
