Key Points
- Three West London councils Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council (WCC), and Hammersmith and Fulham Council are experiencing significant IT and phone system disruptions.
- The disruption stems from a cyberattack on a shared services provider supporting their back-office systems.
- The incident was first publicly acknowledged by RBKC on Tuesday evening, November 25.
- Councils describe the situation cautiously as an “IT incident” and are actively investigating and working with partners to restore normal services.
- The cyberattack has impacted online services, customer phone lines, and slowed customer service operations.
- Residents are having difficulty accessing services remotely and are sometimes forced to attend council offices in person for urgent matters.
- The full scope of the cyberattack’s impact and its origin remain undisclosed.
What happened to the IT systems and phone services of the London councils?
Three councils in West London the Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council (WCC), and fulham/hammersmith/">hammersmith-and-fulham/">Hammersmith and Fulham Council are facing severe disruption to their IT infrastructure and phone lines following a cyberattack on their shared services provider. RBKC first publicly acknowledged the issue on the evening of Tuesday, November 25. The councils described the event only as an “IT incident” but confirmed they were responding to a cybersecurity issue and working with partners to investigate and restore normal service operations (reported by RBKC statements).
Which councils are affected by the cyberattack?
The affected councils include RBKC, Westminster City Council, and Hammersmith and Fulham Council. All three rely on a shared services provider for critical back-office IT systems, which the cyberattack compromised. This has led to issues affecting multiple council functions across these local authorities.
How has the cyberattack affected council services and resident access?
The assault on IT systems caused disruptions to online services managed by the councils, reducing their availability or slowing their operation. In addition, local reports indicate that some phone lines and customer service operations have been partially or fully down, slowing response times. As a result, residents are finding it difficult to contact the councils via phone. This has forced many residents with urgent needs to visit council offices in person due to the limited alternative options available (reported by cyberplace.social and local sources).
What details are known about the cyberattack and council response?
Aside from confirming the incident and ongoing investigations, detailed information about the nature of the cyberattack, the methods used, or the perpetrators involved has not been disclosed by the councils or their shared services provider. RBKC communicated that they were “responding to a cyber security issue” and cooperating with partners to restore affected systems. The term “IT incident” is used publicly, perhaps to manage the sensitivity and ongoing investigation.
Why is the cyberattack significant for local government operations?
The attack on these councils interrupts key administrative and customer-facing systems vital for everyday governance functions and resident services. Given the reliance on shared IT services, a disruption can cascade across multiple councils, increasing operational risk. Phone lines and digital services are critical for residents accessing support, benefits, and council programs. The current breakdown in communication and service access represents a serious challenge to local government delivery and resident engagement.
What broader context exists around UK cyber threats to local councils?
Increasingly, UK local authorities have been targeted in cyberattacks designed to disrupt services or gain access to sensitive data. Shared IT service models can introduce vulnerabilities if providers are compromised. This incident underscores ongoing cybersecurity challenges faced by public sector organisations in protecting infrastructure and maintaining trust through uninterrupted services.
A cyberattack on the shared services IT systems of three West London councils has caused widespread disruption to their online services and phone lines, significantly affecting residents’ ability to access council services remotely. Councils are investigating and working to restore normal operations, though detailed information about the attack remains limited. This event highlights the vulnerability of local government IT infrastructure to cyber threats in today’s digital environment.
