UPDATE: In a shocking cyber attack, Kensington and Chelsea Council has alerted 100,000 households that their personal data may have been compromised. The incident, which occurred in November 2025, raises urgent concerns about potential scams targeting local residents.
Residents are strongly advised to heed guidance from the National Cyber Security Centre. The council warns that cybercriminals could exploit the stolen information to make scams appear more credible. An official update on their website underscored the severity of the situation, stating that the attack was executed “with criminal intent.”
The council revealed that initial assessments indicate the hackers accessed sensitive data. They caution residents to be vigilant about unexpected calls, messages, links, or attachments from anyone claiming to represent the council and requesting sensitive information.
“It is possible that any data copied and taken from us could be misused or published,” the council stated, emphasizing their commitment to working with law enforcement as they navigate this crisis.
Despite the severity, Kensington and Chelsea Council claims its cybersecurity team detected and contained the attack swiftly. They do not believe that third-party systems, which are essential for delivering services and storing data, were compromised. The council is currently reviewing files that may have been accessed, prioritizing those belonging to vulnerable individuals. However, officials warn that a comprehensive review could take months.
Kensington and Chelsea Council is collaborating with Westminster City Council and Hammersmith and Fulham Council to address the situation, as all three councils share impacted services and systems. This incident is not isolated; the local government sector reported over 150 cyber incidents to the Information Commissioner’s Office in 2024.
The council has been actively combating cyber threats, intercepting and isolating 113,000 phishing attempts from June to September 2025. They invest approximately £12 million annually on IT and security measures. However, disrupted services remain a concern, and residents are advised to remain patient as the council works to restore systems securely.
Furthermore, staff at Westminster City Council have been cautioned to exercise heightened vigilance while using Microsoft Teams, following reports of targeted attacks on the platform. An internal memo revealed that some council data was copied during the breach, leading to delays in payments to suppliers due to finance system issues.
A spokesperson for Westminster City Council remarked, “We are actively informing and supporting staff with guidance and resources to help them stay cyber secure.”
Residents of Kensington and Chelsea should remain vigilant and report suspicious activities immediately. This developing situation underscores the critical importance of cybersecurity in local governance and community safety.
Stay tuned for further updates as the council continues to investigate and mitigate the effects of this significant breach.
