It’s official: what started as an IT outage was actually a data breach. Kensington and Chelsea Council has now confirmed that sensitive data was extracted from its systems during last week’s cyber incident, turning what seemed like a system failure into something far more serious — a verified security breach.
The Royal Borough of Kensington and Chelsea (RBKC), which had initially downplayed the event as a technical glitch disrupting its IT environment, has now admitted to finding evidence that “data was copied and removed” from its network. In other words, someone managed to quietly take information before the council could act.
What exactly was taken remains uncertain — and that’s adding to public concern. RBKC hasn’t revealed the type or quantity of data stolen, the duration of the breach, or whether it includes details about residents, staff, or partner organizations. The council stated that it is still assessing whether the compromised information contains any personal or financial details, but early indications suggest that only “historical data” may have been affected. Still, that assurance feels thin — because outdated information can still reveal a lot about people’s lives.
In its latest statement, the council urged residents to stay alert for suspicious contact, whether by phone, text, or email. Anyone who has made payments to the borough — even for something as simple as a parking permit — has been advised to monitor their bank accounts and card statements for any irregularities. It’s a reminder that cyberattacks rarely end where the breach begins.
But here’s the twist: this new explanation represents a clear shift from the council’s earlier position. Initially, RBKC had described the situation merely as an “incident” that affected its internal systems. However, as investigations unfolded, it became clear that the problem extended well beyond temporary downtime. Kensington and Chelsea was one of three London councils — alongside Hammersmith & Fulham and Westminster — hit by the same system outage that disrupted numerous public services across their shared IT infrastructure. Staff had to revert to manual processes, while external cybersecurity experts were called in to contain the threat.
The borough now reports that systems are coming back online, but full restoration is expected to take time. Officials have warned residents to prepare for “at least two weeks of significant disruption” as technical teams continue recovery efforts. Some services may still run slower than usual or remain partially unavailable.
The mystery of who launched the attack still hasn’t been solved. The National Cyber Security Centre (NCSC) and the Metropolitan Police are investigating, but no ransomware gang or cybercrime group has yet claimed responsibility. The council admits there’s a “possibility” that the stolen files could surface publicly — a scenario that would escalate the crisis even further.
This incident underscores the complexity — and vulnerability — of shared IT systems among London’s boroughs. Kensington and Chelsea, Hammersmith & Fulham, and Westminster councils have, over time, linked much of their digital infrastructure: finance systems, housing and licensing platforms, case management software, and other essential tools. This collaboration was supposed to boost efficiency — but it also means one breach can instantly impact all three boroughs, turning a single compromise into a widespread digital domino effect.
Westminster City Council reported that it continues to deal with “ongoing technical issues” and is taking “swift and effective action” to restore all services. Meanwhile, Hammersmith & Fulham Council said on Tuesday that it has found “no evidence” of a direct compromise in its systems but is still ramping up security checks and continuing a full review due to the incident in a neighboring borough.
For residents and local businesses, the lack of transparency is frustrating. Councils store an enormous amount of sensitive data — tenancy details, social care records, payment information, and correspondence with vulnerable individuals — all of which can become goldmines for cybercriminals if mishandled.
And this is the part most people miss: until Kensington and Chelsea can clarify what data was accessed, who might be affected, and how long intruders were inside, Londoners remain in the dark about the real scale of this breach. Should councils continue pooling their IT systems if the risks keep multiplying?
What’s your take — is shared digital infrastructure a smart way to modernize local government, or is it turning every cyberattack into a citywide crisis waiting to happen?
