Thousands of London residents have been urged to stay alert after a major council cyberattack exposed sensitive information. Officials from the Royal Borough of Kensington and Chelsea (RBKC) confirmed that data had been copied from their systems earlier this week, prompting warnings for locals to treat every unexpected email, phone call, or text message with caution. But here's where it gets controversial — the council believes the stolen material is 'historical data,' leaving many wondering how old that information actually is, and whether it still contains personal or financial details of residents, customers, or service users.
According to RBKC, which serves about 147,500 people, the attack triggered an immediate collaboration with the National Cyber Security Centre (NCSC), the National Crime Agency, and the Metropolitan Police. Together, they are working to identify who was behind the breach. The council anticipates at least two weeks of significant disruption as digital systems are restored and critical services resume.
This latest incident is part of a wider wave of cyberattacks targeting local authorities across London. Three councils — Kensington and Chelsea, Westminster, and Hammersmith and Fulham — have all confirmed they were hit in the same week. Some of their communication systems, including phone lines, were reportedly disrupted. Hammersmith and Fulham officials described their response as 'working around the clock' to recover from the damage.
Cybersecurity experts have noted that these attacks resemble tactics used in ransomware operations, where hackers lock an organisation’s data using malicious software, steal copies of the data, and then demand cryptocurrency payments in exchange for restoring access. Such operations are often traced back to cybercriminal networks based in the former Soviet Union. However, none of the affected London councils have confirmed whether ransomware was involved in their cases.
This isn’t the first time UK councils have found themselves in the crosshairs of hackers. The 2020 ransomware attack on Hackney Council, for instance, saw around 440,000 files encrypted and stolen, eventually earning the council a formal reprimand from the UK’s data watchdog. Incidents like these continue to highlight how vulnerable local governments are to sophisticated cybercrime, and how stretched public institutions can be when defending against such threats.
Elizabeth Campbell, Conservative leader of RBKC, said that alerting residents as quickly as possible was 'the right thing to do.' She emphasized transparency, adding, 'As a resident myself, I would want to know this kind of information promptly so I can take precautions and protect myself if necessary.'
But this raises a bigger question — are councils doing enough to safeguard citizen data in the first place? Should residents trust that their personal details are secure, or does this event prove that local systems remain dangerously exposed? How do you feel about the balance between digital convenience and data safety? Share your thoughts below — do you think councils should face stricter accountability when breaches like this occur?
