Article Details

Kensington and Chelsea confirms IT outage was a data breach after all. Borough says attackers copied 'historical' info as three-council cyber woes drag on. Kensington and Chelsea Council has admitted that data was quietly lifted from its systems during last week's cyber meltdown, confirming that the outage was not just an IT faceplant but a bona fide data breach. The Royal Borough of Kensington and Chelsea (RBKC), which last week 'fessed up to a cybersecurity incident that had downed its IT systems, said in an updated statement that it has "obtained evidence on our systems that shows some data has been copied and then taken away."  The authority has not said what kind of data was taken, how much was removed, how long the attacker had access, or whether the information pertains to residents, staff, partner organizations, or internal operations. RBKC added that it is checking whether the copied data "contains any personal or financial details of residents, customers, and service users," but said that it believes the incident impacted only "historical data." Still, the council is urging residents and service users "to be extra vigilant when called, emailed or sent text messages," adding that anyone who's bought something from the borough – "for example a parking permit" – should double-check their bank and card details and keep an eye out for anything dodgy. The upgraded assessment marks a shift from the borough's original position last week, when it confirmed only an unspecified "incident" had affected internal systems. As The Register reported at the time, Kensington and Chelsea was one of three London councils – alongside Hammersmith & Fulham and Westminster – hit by an outage that knocked key services offline across the councils' shared IT environment. Staff were forced back onto manual processes, public-facing systems sputtered, and the authorities brought in external investigators after isolating parts of their infrastructure. RBKC says it is continuing to bring systems and services back online, but warned that some services may still experience delays or reduced availability, and told residents to brace for "at least two weeks of significant disruption" while the clean-up drags on. It's not yet known who is behind the cyberattack targeting the three London councils, which is being probed by the National Cyber Security Centre (NCSC) and the Metropolitan Police. The incident hasn't yet been claimed by any major ransomware group, but RBKC said it is "possible" that the stolen data could end up in the public domain. RBKC's admission that data was stolen (sorry, "copied") highlights just how tangled the boroughs' shared IT setup has become. Over the years, Kensington and Chelsea, Hammersmith & Fulham, and Westminster have stitched their finance systems, case management tools, housing platforms, licensing software, and various older services into one big digital estate. That has made day-to-day work easier, but it also means a hit on one council can quickly ripple across all three, turning any cyber incident into a far more complicated mess to contain and clean up. Westminster City Council admits it's still experiencing "ongoing technical issues" and is taking "swift and effective action to bring all our systems back online as soon as possible." In an updated statement published on Tuesday, Hammersmith & Fulham Council said there is currently "no evidence" of its systems being compromised. It added: "Due to a cybersecurity incident in a neighbouring borough, we are continuing to undertake a series of enhanced security measures and carefully investigate the impacts on all our systems and services." For residents and businesses, the lack of detail in RBKC's update will no doubt prove frustrating. Councils tend to hold sensitive information such as tenancy records, social care notes, licensing applications, payment information, and correspondence with vulnerable residents – precisely the types of information that become high-value targets during municipal cyberattacks.  Until Kensington and Chelsea can explain what was taken, who is affected, and how long the attacker was inside, Londoners relying on the borough's services are left waiting for clarity the council still doesn't have.