London Councils Hit by Cyberattacks Disrupting Public Services and Raising Security Concerns

 

Multiple local authorities across London have been hit by cyber incidents affecting operations and public services, according to reports emerging overnight. The attacks have disrupted essential council functions, including communication systems and digital access, prompting heightened concern among officials and cybersecurity experts. 

Initial reporting from the BBC confirmed that several councils experienced operational setbacks due to the attack. Hackney Council elevated its cybersecurity alert level to the highest classification, while Westminster City Council acknowledged challenges with public contact systems. The Royal Borough of Kensington and Chelsea also confirmed an active investigation into the breach. Internal messages seen by the Local Democracy Reporting Service reportedly advised employees to follow emergency cybersecurity protocols and noted that at least one affected council temporarily shut down its networks to prevent further compromise. 

In a public statement, Kensington and Chelsea Council confirmed the incident and stated that it was working alongside cybersecurity consultants and the U.K. National Cyber Security Centre to secure systems and restore functionality. The council also confirmed that it shares certain IT infrastructure with Westminster City Council, and both organisations are coordinating their response. However, Hackney Council later clarified that it was not impacted by this specific incident, describing reports linking it to the breach as inaccurate. 

The council stated that its systems remain operational and emphasised that staff have been reminded of ongoing data protection responsibilities. Mayor of London Sadiq Khan commented that cybercriminals are increasingly targeting public-sector systems and stressed the importance of improving resilience across government infrastructure. Security specialists have also issued warnings following the incident. Dray Agha, senior director of security operations at Huntress, described the attack as a stark example of the risks associated with shared government IT frameworks. Agha argued that while shared digital systems may be cost-efficient, they can significantly increase exposure if an attacker gains access to one connected organisation. 

Rebecca Moody, head of data research at Comparitech, said the disruption aligns with common indicators of ransomware activity, noting both operational outages and possible data exposure. She added that government bodies remain among the most frequent targets of cyber extortion, with global data showing 174 confirmed attacks on government institutions so far in 2025, affecting more than 780,000 records and averaging ransom demands of roughly $2.5 million. Ian Nicholson, head of incident response at Pentest People, warned that the consequences extend beyond system outages. 

Councils hold highly sensitive and regulated personal information, he noted, and cyber incidents affecting the public sector can directly impact citizen-facing services, particularly those tied to social care and emergency support. As investigations continue, affected authorities have stated that their primary focus remains on safeguarding resident data, restoring services, and preventing further disruption.