Kensington and Chelsea Council Discloses Data Breach
▼ Summary
– The Royal Borough of Kensington and Chelsea (RBKC) council announced a cyber-attack on its IT provider, which may have compromised residents’ historical data.
– The council warned that stolen data could become public and urged residents to be vigilant against phishing attempts exploiting the breach.
– Council services will face significant disruption for at least two more weeks as systems are restored and investigated.
– The same attack also impacted Westminster City Council and potentially Hammersmith and Fulham council, as they share IT services.
– Hammersmith and Fulham council stated there is currently no evidence its systems were compromised, but it has taken enhanced security measures.
Residents of the Royal Borough of Kensington and Chelsea have been notified that their personal information may be at risk following a significant cyber-attack. The breach occurred at a third-party IT provider used by the council, with officials confirming that historical data was copied and removed from their systems. While the full scope is still under investigation, the council has warned that this information could potentially be released publicly, urging everyone to remain vigilant.
The issue was first detected early Monday morning, prompting immediate action to shut down and isolate affected networks. In a public statement, the council emphasized that determining whether the stolen data includes sensitive personal or financial details of residents, customers, and service users is a top priority, though this process will take considerable time. Residents are advised to be on high alert for sophisticated phishing attempts that may use the stolen data to craft convincing emails, texts, or phone calls aimed at stealing further information like payment details.
Security experts highlight that attackers will likely use the known data breach as a point of leverage. Malicious communications may appear to offer updates on the incident while actually containing links or attachments designed to compromise devices or extract more data. The safest course of action is to treat all unsolicited contact with extreme caution and to seek official information only by visiting the council’s website directly, rather than clicking on links in messages.
Service disruptions are expected to continue for at least another two weeks as systems are carefully restored. While the council is working to reinstate phone lines for urgent enquiries, staff access to internal systems remains limited. Residents are asked for patience, as employees may not have immediate answers while the forensic investigation and recovery efforts are ongoing.
This cybersecurity incident also impacted Westminster City Council and potentially the Hammersmith and Fulham local authority, as both share some IT services with Kensington and Chelsea. Westminster Council confirmed it is working closely with partners to investigate the full nature of the breach and assess the potential impact on its own residents. They warned that some disruption to services could last for several weeks, though most core functions continue to operate.
Hammersmith and Fulham Council stated it proactively took steps to isolate and safeguard its networks following the discovery of the attack in the neighbouring borough. While some of its systems remain offline as a precaution during ongoing security reviews, the council’s latest update indicates there is currently no evidence that its own systems were directly compromised. All three authorities continue to coordinate their response to understand the full extent of this data security event.
(Source: Info Security)