More than 100,000 households warned after cyber attack on Kensington and Chelsea council
It is believed that the personal information of hundreds of thousands of people was stolen in the cyber attack on Kensington and Chelsea municipalities.
West London Council has warned households to be wary of unexpected calls, messages and contacts as information could be used to make scams appear legitimate.
Small samples of data hacked by criminals suggest it is likely to contain sensitive personal information and residents should be wary of anyone claiming to be a council employee and asking for details.
The council is sharing some of the affected services with Westminster City Council and Hammersmith and Fulham Council, which are also affected. All three work with the National Cyber Security Center to monitor data.
As a result, they wrote guidance to more than 100,000 households and warned residents to use the council’s published contact channels if they had any concerns.
The council’s latest update on its website said officers were “planning accordingly” and “working with law enforcement every step of the way” and that they did not believe hackers had managed to access third-party systems that help provide services.
The council is also checking files that may have been accessed and prioritizing those belonging to vulnerable people, but this may take months to complete.
More than 150 incidents of cyberattacks were reported to the Information Commissioner’s Office in the local government sector in 2024.
Speaking to the BBC, cyber security expert Graeme Stewart said local authorities were targeted “because they have some really interesting data”.
“Cyber attackers have no moral qualms. They’ll basically go for the easiest targets they can get to. A lot of these local authorities are constantly being attacked and most of the time it doesn’t work – but eventually someone will succeed,” he said.
He also said local officials “are always working under real pressure right now because they’re always under budget control and things like that.”
Elizabeth Campbell, leader of the council, said: “We decided to go out immediately and tell people that this is what is happening, this data is being copied and taken and you need to be aware, so you are at risk.
“In the meantime, we are reviewing all the documentation to see if there are specific locations where we know someone is at risk, and then we will contact them directly.”
The Met’s Cyber Crime Unit said investigations were continuing and no arrests had been made.
